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I  have  patience 
pills  in  my 
desk,  and  I  take 
a  lot  of  them. 

JEAN.  HOLLEY.  USG 


As  USG’s  first  CIO  and  one  of  the  few  officers  brought  in  from  the 

outside  at  the  construction  materials  maker,  Jean  Holley  faced  a  daunting  set 
of  challenges:  fast-forwarding  the  company’s  legacy-bound  IT  infrastructure 
into  the  21st  century,  bringing  rogue  IT  workers  into  the  fold  and  abolishing 
the  company’s  view  of  IT  as  an  administrative  function. 

Profile  by  Kathleen  Melymuka  begins  on  page  24. 


FLIGHT  FEAR 
SHIFTS  TECH 
PLANNING 


Projects  to  simplify 
check-in  jeopardized 


BY  JENNIFER  DlSABATINO 

Before  the  hijacking  of  four 
commercial  airplanes  on  Sept. 
11,  the  biggest  IT  imperative 
for  most  carriers  was  leverag¬ 
ing  technology  to  get  passen¬ 
gers  through  the  airport  and 
aboard  their  flights  as 
quickly  as  possible. 

Now,  under  more 
stringent  security  guide¬ 
lines,  at  least  one  key 
project  is  on  hold,  and  others 
are  being  reconsidered. 

In  April,  United  Air  Lines 
Inc.  in  Chicago  announced  that 
it  would  install  more  than  1,100 
self-service  kiosks  in  25  air¬ 
ports  over  the  next  two  years 
Projects,  page  14 


Boeing  eyes  broadband 
to  improve  security 


BY  JAMES  COPE 

CHICAGO 

With  airline  passenger  traffic 
down  and  concerns  about  air¬ 
plane  security  rising  following 
the  Sept.  11  terrorist  attacks  on 
the  U.S.,  Phil  Condit,  chairman 
and  CEO  of  The  Boeing 
Co.,  last  week  disclosed 
plans  to  use  broadband 
technology  to  beef  up 
security  on  aircraft. 

“Part  of  the  challenge  now  is 
not  putting  things  off,”  Condit 
said,  speaking  at  Boeing’s  new 
corporate  headquarters  here. 
“We’re  asking,  ‘How  do  we 
move  ahead  to  make  the  [air¬ 
line]  system  more  secure  and 
Boeing,  page  14 


USERS  VOICE  DOUBTS  ON  JAVA  SPEC 


They  say  J2EE 13  lacks 
Web  services  support 


BY  LEE  COPELAND 

Aiming  to  improve  connectivi¬ 
ty  and  make  it  easier  to  man¬ 
age  Enterprise  JavaBeans,  Sun 


Microsystems  Inc.  last  week 
released  an  enhanced  version 
of  its  Java  2  Enterprise  Edition 
1.3  specification,  the  basic 
building  block  for  Java-based 
application  servers. 

But  while  J2EE  1.3  addresses 
some  key  integration  issues. 


users  and  analysts  said  it  lacks 
sufficient  Web  services  sup¬ 
port  features,  which  are  critical 
for  letting  applications  swap 
functionality  over  the  Internet. 

“There  are  some  issues  with 
J2EE  that  are  evolving  still,  and 
personally,  I  would  not  jump 
into  it  right  now  for  that  rea¬ 
son,”  said  George  Mizzi,  appli¬ 
cation  infrastructure  manager 
at  New  York-based  Sanford  C. 
Bernstein  &  Co.  Mizzi  said  the 
lack  of  Web  services  support  is 
the  most  significant  hole  in  the 
J2EE  specification. 

The  $850  million  investment 
management  firm  recently 
built  a  trading  desk  application 
that  uses  Web  services  in  the 
Java  Spec,  page  61 


ONLINE  AnACK 
CONCERNS  GROW 


Experts  urge  vendors  to 
boost  product  security 


BY  PATRICK  THIBODEAU 

WASHINGTON 

The  war  on  terrorism  could 
increase  the  number  of  cyber¬ 
attacks  aimed  at  U.S.  firms 
already  struggling  to  repair  a 
rapidly  escalating  array  of  vul¬ 
nerabilities  to  Internet-con¬ 
nected  systems. 

It’s  the  cyberequivalent  of 
the  “perfect  storm,”  the  merg- 
Online  Attacks,  page  61 


|  Some  past  incidents: 

s'  ►  Hacker  activity  increased  after  a 
3  U.S.  spy  plane  was  captured  by 
1  China  in  April. 

o 

i  ►NATO  Web  servers  received  sus¬ 
hi’  tained  ping  saturation  and  DDOS 
§  attacks  during  air  strikes  in  Kosovo 
5  and  Serbia  last  year. 

o 

1  ►  Web  site  defacements  in  Israel 

p  increased  as  the  Palestinian  conflict 
|  worsened. 

s  What  might  attackers  do  now? 

2  ►Deface  Web  sites. 

UJ 

I  ►  Launch  DDOS  attacks. 

I  ►Use  worms  and  viruses  to  exploit 
§  vulnerabilities. 

8 _ _ 
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99.999%  uptime.  For  a  server  operating  system,  it’s  a  measure  of  reliability  that  translates  into  just  over  five  minutes  of  server  downtime  per 
year*  For  your  business,  that  means  servers  are  up  and  running  when  people  need  them.  Of  course,  rumors  of  this  99.999%  uptime  usually 
start  under  ideal  lab  conditions.  But  where  are  these  five  nines  when  your  business  needs  them?  If  you’re  using  Microsoft®  Windows®  2000 
Server- based  solutions,  they  may  be  closer  than  you  think.  Today  Starbucks,  FreeMarkets  and  MortgageRamp,  an  affiliate  of  GMAC  Commercial 


The  coveted  five  nines.  In  the  past, 

only  a  precious  few  were  allowed  to  see  them. 


Windows  2000 

^  1 1  Server  Family 


•This  level  of  availability  Is  dependent  on  many  factors  outside  of  the  operating  system,  Including  other  hardware  and  software  technologies,  missiorvcrltical  operational  processes  and  professional  services.  ©  2001  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  Windows,  and  the  Windows  logo  are  either  registered  trademarks  or  trademarks  of 

Microsoft  Corporation  in  the  United  States  and^r  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 


Mortgage,  are  using  Windows  2000  Server-based  systems  designed  to  deliver  99.999%  server  uptime.  Of  course,  not  all  installations  require  this 
level  of  reliability,  but  one  thing  is  for  sure:  The  Windows  2000  Server  family  can  help  you  get  to  the  level  of  reliability  you  need.  In  fact,  industry  leaders 
such  as  Compaq,  Dell,  Hewlett-Packard,  IBM,  Unisys,  Stratus  and  Motorola  Computer  Group  can  work  with  you  to  deliver  solutions  with  up  to  five  nines 
uptime.  To  learn  more  about  server  solutions  you  can  count  on,  visit  microsoft.com/windows2000/servers  Software  for  the  Agile  Business. 


ca  smart  Program  Guideline 


The  ca  smart  logo  is  only  to  be  used  by  CA 
partners  for  innovative  eBusiness  products 
or  solutions  on  which  CA  technology  resides, 
is  a  component  of,  or  is  otherwise  integrated. 
Which  would  not  include  sporting  goods. 

For  more  information,  visit  ca.com/casmart. 
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©2001  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 


EDWARD  SANTALONE 


DIGITAL  CRIMINAL 
CASE  RECORDS 

The  Queens  County,  N.Y., 
District  Attorney’s  Office 
has  replaced  paper  records 
for  the  50,000  criminal  cases 
it  handles  each  year  with 
a  Linux-based  document¬ 
imaging  system,  says  Robert 
Schlesinger,  director  of  in¬ 
formation  services.  PAGE  46 


SECURITY 

AMBASSADORS 


As  companies  increasingly 
put  security  in  the  hands  of 
systems  specialists,  they 
need  IT  liaisons,  such  as 
Leslie  Peckham  of  American  Family  Mutual 
Insurance,  who  can  help  business  units  and  IT 
understand  each  other’s  needs.  PAGE  36 
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NEWS  6 

6  Supply  chain  managers  find 

that  they  need  to  build  terrorism 
scenarios  into  their  planning. 

7  The  federal  government  looks 

to  advanced  smart-card  technology 
to  prevent  identity  fraud. 

8  Most  cellular  carriers  will  miss 
today’s  deadline  for  compliance 
with  the  FCC’s  location-finding 
regulations. 

9  Firms  automate  to  flag  financial 
transactions  by  known  terrorists. 

10  Microsoft  responds  to  Gart¬ 
ner’s  advice  that  users  should  con¬ 
sider  alternatives  to  Microsoft’s 
Internet  Information  Server. 

12  Fidelity  gears  up  for  this 

month’s  massive  conversion  of 
its  data  to  an  XML  format. 


For  breaking  news,  updated 
twice  daily  at  noon  and  5 
p.m.,  visit  the  Computer- 
world.com  Web  site: 

www.computerworld.com/q?q4000 


BUSINESS  23 

23  Paul  A.  Strassmann  says  that 
in  the  wake  of  the  attacks  on  the 
U.S.,  protecting  the  Internet  is  of 
vital  importance  to  business. 

24  Jean  Holley  has  spent  three 
years  transforming  a  1970s-style  IT 
operation  at  USG  into  a  true  part¬ 
nership  with  its  business  units. 

28  Brick-and-mortar  companies 
that  lost  IT  staffers  to  dot-com 
firms  are  welcoming  them  back 
with  open  arms  —  and  many  of 
the  perks  that  lured  them  away. 

30  Ford  and  UPS  are  six  months 

ahead  of  schedule  with  their  plans 
to  speed  the  delivery  of  new  cars 
and  trucks  from  factories  to  deal¬ 
ers,  thanks  to  a  Unix-based  logis¬ 
tics  package. 

40  Workstyles:  it  staffers  at 
Philip  Morris  know  better  than 
anyone  that  their  company  is  more 
than  a  maker  of  tobacco  products, 
since  they  support  technical  opera¬ 
tions  for  five  divisions. 


TECHNOLOGY  43 

44  With  privacy  a  growing  con¬ 
cern,  IT  managers  are  looking  to 
closely  manage  access  to  their 
largest  repositories  of  information: 
data  warehouses. 

48  Hands  On:  Reviews  editor  Rus¬ 
sell  Kay  looks  at  gadgets  that  can 
make  life  easier  and  more  produc¬ 
tive  for  users  who  must  travel  with 
computers. 

49  QuickStudy:  Transaction  pro¬ 
cessing  is  the  unambiguous  and 
independent  execution  of  a  set  of 
operations  on  data  in  a  relational 
database.  Find  out  more  in  this 
week’s  primer. 

50  Security  Journal:  Mathias 

Thurman  dives  into  security 
testing  on  his  company’s  newly 
redesigned  Web  site. 

51  Emerging  Companies:  rlx 

Technologies’  compact  blade 
servers  promise  to  cut  power  re¬ 
quirements  and  conserve  space 
in  Internet  data  centers. 


OPINIONS  20 

20  Patricia  Keefe  says  IT  will  be 
at  the  center  of  the  national  debate 
on  how  far  we  should  go  to  provide 
authorities  with  unfettered  access 
to  personal  data. 

20  Pimm  Fox  warns  that  compa¬ 
nies’  lack  of  IT  preparedness  for 
disasters  amounts  to  another 
tragedy  waiting  to  happen. 

2  Thornton  May  writes  that  secu¬ 
rity  professionals  must  learn  how 
to  communicate  the  message  of 
better  information  security,  if  busi¬ 
ness  executives  are  to  improve  at 
practicing  it. 

62  Frank  Hayes  says  a  Gartner 
analyst  made  a  gutsy  call  in  recom¬ 
mending  that  IT  shops  look  for 
alternatives  to  IIS.  But  do  Micro¬ 
soft  and  Bill  Gates  have  the  guts  to 
make  a  better  server? 
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ATTACK  AFTERMATH 

For  the  latest  Computer-world  arti¬ 
cles  about  the  aftermath  of  the 
Sept.  11  terrorist  attack,  visit  our 
special  coverage  page. 

www.computerworld.com/q7a1030 


NATIONAL  ID? 

What  do  you  think  about  the  idea  of 
implementing  a  national  identifica¬ 
tion  card  system  as  a  way  to  help 
stop  terrorism?  Post  your  opinion  in 
our  online  discussion  forum. 
www.computerworld.com/q7a1040 


TRAVEL  CHECKLIST 

If  you’re  going  on  a  business  trip, 
see  reviews  editor  Russell  Kay’s 
checklist  for  must-have  laptop 
accessories. 

www.computerworld.com/q723255 


CRM  COVERAGE 

For  news,  analysis  and  resources 
about  customer  relationship  man¬ 
agement,  head  to  our  CRM  Know! 
edge  Center. 

www.computerworld.com/q7k1300 
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Court  Pushes  for 
Microsoft  Settlement 

U.S.  District  Court  Judge  Colleen 
Kollar-Kotelly  ordered  Microsoft 
Corp.  and  the  government  to  meet 
“around  the  clock”  in  an  attempt  to 
settle  the  antitrust  case  against  the 
software  vendor.  The  judge  gave  the 
two  sides  until  Oct.  12  to  reach  an 
agreement  on  their  own.  If  they 
don’t,  she  said,  a  mediator  will  be 
called  in  and  given  until  Nov.  2  to 
help  produce  a  settlement. 

EDS  Adding  Portal  to 
Navy/Marine  Intranet 

The  U.S.  Navy  gave  Electronic  Data 
Systems  Corp.  a  $9  million  contract 
to  add  a  Web  portal  to  the  S6.9  bil¬ 
lion  Navy/Marine  Corps  Intranet 
project,  which  is  being  managed  by 
the  Plano,  Texas-based  IT  services 
firm.  EDS  will  manage  the  land- 
based  implementation  of  the  portal, 
and  the  Navy  will  be  in  charge  of  the 
at-sea  portion. 

StorageTek  Set  to 
Ship  Faster  Tape  Drive 

Louisville,  Colo.-based  Storage 
Technology  Corp.  next  week  plans 
to  release  a  new  tape  drive  that 
supports  data  transfer  rates  of  26 
bit/sec.  Tape  drives  previously  were 
limited  to  1G  bit/sec.  transfer  rates, 
which  hindered  the  performance  of 
storage-area  networks. 


Short  Takes 

Tokyo-based  technology  vendor 
NEC  CORP.  cut  its  revenue  forecast 
and  said  it  now  expects  to  report  a 
loss  of  about  S1.3  billion  for  its 
fiscal  year  ending  in  March,  after 
previously  predicting  a  profit  of 
more  than  S500  million. . . .  CLAR- 
ENT  CORP.,  a  Redwood  City,  Calif.- 
based  maker  of  technology  for  use 
in  converged  voice  and  data  net¬ 
works,  slashed  its  projected  third- 
quarter  revenue  total  by  more  than 
50%.  Clarent  also  said  it’s  laying 
off  about  half  of  its  700  workers. 
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Supply  Chains  Face 
Changes  After  Attacks 


Users  may  need  more  flexible  systems 


BY  MARC  L.  SONGINI 

SOME  COMPANIES  last 
week  said  automated 
supply  chain  systems 
are  minimizing  the 
immediate  impact  of 
the  Sept.  11  terrorist  attacks  in 
the  U.S.  on  their  global  supply 
and  distribution  networks.  But 
users  and  analysts  warned  that 
such  systems  may  need  to  be 
changed  to  provide  longer- 
term  answers  to  the  uncertain¬ 
ties  created  by  the  attacks. 

With  ground  and  air  trans¬ 
portation  schedules  more  er¬ 
ratic  now  and  customs  clear¬ 
ances  taking  longer  to  com¬ 
plete,  many  companies  are  be¬ 
ing  challenged  to  keep  their  as¬ 
sembly  lines  supplied  with 
product  components  and  to 
deliver  service  and  mainte¬ 
nance  parts  to  their  customers. 

Supply  chain  systems  may 
require  redesigns  so  compa¬ 
nies  can  do  a  better  job  of  han¬ 
dling  “surge  and  ebb”  situa¬ 
tions  in  product  demand  and 
stock  availability,  said  Scott 
Stephens,  chief  technology  of¬ 
ficer  at  the  Supply-Chain 
Council  Inc.,  a  Pittsburgh- 
based  industry  consortium. 

Users  and  vendors  will  also 
have  to  work  on  making  supply 
chain  systems  more  disaster- 
ready,  said  Michael  Bittner,  an 
analyst  at  AMR  Research  Inc. 
in  Boston.  For  example,  com¬ 
panies  should  build  automated 
alternative  sourcing  functions 
into  their  systems,  he  said. 
Technology  that  can  generate 
international  trade  compliance 
documents  is  also  becoming 
more  critical  for  users,  Bittner 
added. 

When  all  flights  in  the  U.S. 
were  temporarily  stopped  after 
the  attacks,  NCR  Corp.  quickly 
switched  from  airborne  carri¬ 
ers  to  ground  transportation. 
The  Dayton,  Ohio-based  tech¬ 
nology  vendor  has  also  had  to 
deal  with  the  loss  of  a  shared 


product  distribution  facility 
run  by  Atlanta-based  United 
Parcel  Service  Inc.  that  was  lo¬ 
cated  just  hundreds  of  feet 
from  the  World  Trade  Center 
in  New  York,  said  Todd  Bollen- 
bacher,  vice  president  of  ser¬ 
vice  design  and  lo¬ 
gistics  at  NCR. 

Fortunately,  NCR 
was  able  to  imple¬ 
ment  Y2k  contingen¬ 
cy  plans  supported 
by  its  supply  chain 
and  procurement 
system,  which  is 
based  on  applica¬ 
tions  from  Oracle 
Corp.  and  Fairport, 
N.Y.-based  Xelus 


JOHN  STOCK: 

HON  Industries  cut 
rush  delivery  ship¬ 
ment  times  in  half. 


Inc.,  plus  proprietary  software. 
Recoding  product  shipment  la¬ 
bels  took  only  hours,  Bollen- 
bacher  said. 

But  more  changes  may  fol¬ 
low.  NCR  is  looking  at  tweak¬ 
ing  its  distribution  systems  so 
they  take  the  longer  delivery 
times  of  ground-based  trans¬ 
portation  into  account  when 
setting  shipment  dates  for  its 
customers,  he  said. 
And  the  company  is 
considering  retool¬ 
ing  how  products  are 
distributed  to  its  own 
warehouses,  which 
would  also  require 
systems  changes. 

In  addition,  Bol- 
lenbacher  said  he 
would  like  to  see 
procurement  sys¬ 
tems  that  support  au- 


Chemical  Exchanges  Put 
Security  Under  Microscope 


Systems  reassessed 
in  wake  of  attacks 


BY  MICHAEL  MEEHAN 

Online  marketplaces  designed 
to  speed  business-to-business 
transactions  in  the  chemicals 
industry  are  now  rushing  to 
examine  their  security  systems 
to  look  for  blind  spots  that 
could  allow  terrorists  to  obtain 
potentially  deadly  substances. 

John  Beasley,  chairman  and 
founder  of  ChemConnect  Inc., 
said  the  San  Francisco-based 
online  exchange  launched  a 
full-scale  investigation  into  its 
user  screening  and  approval 
practices  after  the  Sept.  11  ter¬ 
rorist  attacks  on  the  U.S. 

“It  will  probably  take  a  few 
weeks  [to  finish  the  probe],  be¬ 
cause  we’re  trying  to  figure  out 
what  we’re  not  doing,”  Beasley 
said.  “What  we’re  looking  for  is 


not  obvious.  To  a  degree,  you 
have  to  think  like  a  terrorist  to 
figure  it  out.” 

CheMatch.com  Inc.  in  Hous¬ 
ton  has  initiated  a  similar 
scouring  of  its  security  prac¬ 
tices  and  technology,  said 
Michael  Ereli,  vice  president  of 
technology  at  the  ChemCon¬ 
nect  rival. 

CheMatch  previously  decid¬ 
ed  against  requiring  the  use  of 
digital  certificates  or  biomet¬ 
ric  identifiers  by  people  who 
process  transactions  through 
its  systems.  But  that’s  “the  first 
thing  we’re  taking  a  second 
look  at,”  Ereli  said.  “It  seemed 
too  cumbersome  at  the  time, 
but  everything’s  changed  now.” 

According  to  Beasley,  the  ba¬ 
sic  key  to  security  for  a  busi- 
ness-to-business  exchange  is 
to  gain  familiarity  with  those 
who  are  trading  goods  in  the 
largely  faceless  world  of 
e-commerce.  ChemConnect 


tomated  selection  of  alterna¬ 
tive  suppliers.  Currently,  he 
noted,  the  system’s  software  re¬ 
quires  some  manual  program¬ 
ming  to  switch  vendor  codes. 

John  Stock,  vice  president  of 
distribution  and  logistics  at 
HON  Industries  Inc.,  said  the 
Muscatine,  Iowa-based  office 
furniture  maker  used  a  capaci¬ 
ty  and  supply  chain  planning 
application  from  SynQuest 
Inc.  in  Norcross,  Ga.,  to  cut  its 
delivery  lead  times  on  rush 
shipments  from  two  weeks  to 
five  days  immediately  follow¬ 
ing  the  terrorist  attacks. 

The  software  provides  “im¬ 
mediate  visibility  to  capacities 
and  shipping  lanes,  and  in  the 
past,  we  didn’t  have  that,”  Stock 
said.  With  the  software  in 
place,  he  added,  workers  “did¬ 
n’t  have  to  get  on  the  phone  and 
check  capacity  availability  to 
fulfill  orders.”  I 


Quick 

Link© 


For  access  to  addi¬ 
tional  resources,  visit 
our  Supply  Chain/ERP 
Knowledge  Center. 


www.computerworld.com/q?k2000 


checks  business  licenses,  haz¬ 
ardous-materials  certifications 
and  company  profiles  for  every 
new  user  of  the  site,  he  said. 

The  exchange  also  blocks 
users  from  countries  that  are 
on  U.S.  Department  of  State 
warning  lists  and  cross-checks 
new  users  against  FBI  warning 
lists,  Beasley  said. 

But  ChemConnect  started  as 
an  industry  bulletin  board  for 
companies  informally  seeking 
new  business  partners  and  is 
still  sometimes  used  in  that  ca¬ 
pacity.  That  type  of  usage  has 
drawn  federal  attention  since 
the  inception  of  the  company’s 
Web  site,  Beasley  said.  Firms 
using  the  site  as  a  bulletin 
board  are  expected  to  screen 
their  potential  trading  partners 
themselves,  he  added. 

Owen  Kean,  director  of  on¬ 
line  communications  at  the 
American  Chemistry  Council 
Inc.,  a  lobbying  and  safety 
guidelines  group  in  Arlington, 
Va.,  noted  that  the  chemicals 
industry  is  reviewing  how  se¬ 
curely  it  trades  toxic,  caustic 
and  explosive  materials.  “Even 
what  we  thought  was  good  may 
not  be  good  enough,”  he  said.  I 


COMPUTERWORLD  October  1,2001 


7 


Feds  Consider  New  Antiterrorist  Smart-Card  Technology 

But  national  ID  cards  face  strong  opposition 


BY  DAN  VERTON 

WASHINGTON 

The  ability  of  the  Sept.  11  ter¬ 
rorists  to  obtain  forged  identi¬ 
fications  and  airport  creden¬ 
tials  has  prompted  the  federal 
government  to  consider  new 
technologies  for  authenticat¬ 
ing  the  identities  of  airline  pas¬ 
sengers  and  employees,  avia¬ 
tion  security  personnel  and 
federal  employees  with  access 
to  secure  facilities. 

The  White  House  reiterated 
last  week  that  it  has  no  plans  to 
introduce  a  national  ID  card. 
But  officials  from  the  Justice 
Department  and  other  federal 
agencies,  along  with  House  mi¬ 
nority  leader  Richard  Gephart 
(D-Mo.),  are  clearly  interested 
in  ID  card  technology.  Last 
week,  they  invited  Dan  Kehoe, 
president  and  CEO  of  Los 
Gatos,  Calif.-based  UltraCard 
Inc.,  to  Washington  to  demon¬ 
strate  his  company’s  UltraCard 
smart-card  technology. 

Security  officials  are  inter¬ 
ested  in  the  UltraCard  because 
it  has  unique  storage  capabili¬ 
ties  that  overcome  the  limita¬ 
tions  of  current  smart  cards  to 
store  multiple  sets  of  biomet¬ 
ric  data,  such  as  fingerprints, 
high-resolution  iris  scans  and 
voiceprints. 

The  UltraCard  is  capable  of 
storing  20MB  of  data,  whereas 
traditional  smart  cards  store 
only  64KB.  The  lack  of  storage 
capacity  has  been  the  main 
stumbling  block  in  the  use  of 
biometrics  in  smart  cards,  said 
Don  Mann,  chief  technology 
officer  at  UltraCard. 

“To  do  full  security  without 
false  acceptance,  you  need 
more  than  one  biometric,”  said 
Mann.  “You  need  more  than 
one  fingerprint;  [you  need]  a 
virus  scan  and  a  high  level  of 
encryption,”  he  said.  It  takes 
120KB  to  store  a  single  FBI-lev¬ 
el  fingerprint,  Mann  said. 

The  Bush  administration’s 
reluctance  to  push  for  a  nation¬ 
al  ID  card  comes  as  no  surprise 
to  those  familiar  with  the 
thorny  political  issues  sur¬ 


rounding  the  proposal.  The 
Clinton  administration  and 
Congress  entertained  the  idea 
in  1998,  when  agencies  sug¬ 
gested  using  ID  cards  to  track 
information  on  foreign  work¬ 
ers,  health  care  recipients  and 
parents  who  are  behind  in 
child  support  payments.  Past 
legislative  proposals  failed  due 
to  concerns  about  potential 
privacy  violations,  but  the 
Sept.  11  terrorist  attacks  have 
rekindled  the  debate. 

The  idea  of  a  national  ID 
card  is  not  without  its 
proponents.  Oracle 
Corp.  CEO  Lar- 
®L\ ,  ry  Ellison 

ti mMi  has  of- 


THE 

ULTRACARD  ^  J  “ 
can  store  20MB 

data,  rather  than  the  typical  64KB. 


BY  PATRICK  THIBODEAU 

WASHINGTON 

The  Bush  administration  is 
seeking  quick  action  by  Con¬ 
gress  on  a  sweeping  set  of  anti¬ 
terrorism  laws  intended  in  part 
to  make  it  easier  for  law  en¬ 
forcement  agencies  to  track 
communications  over  phones 
and  computer  networks. 

The  proposal  expands  the 
government’s  wiretap  authori¬ 
ty,  allowing  law  enforcement 
agencies  to  seek  one  order  to 
track  communications  in  any 
jurisdiction  and  over  any  tech¬ 
nology.  In  short,  it  gives  en¬ 
forcement  agencies  the  ability 
to  monitor  an  individual,  re¬ 
gardless  of  what  form  of  com¬ 
munication  —  landline,  e-mail 
or  cell  phone  —  a  suspect  uses. 

But  the  proposal  doesn’t  ad¬ 
dress  encryption,  which  is  at¬ 
tracting  increasing  legislative 


fered  the  government  the  soft¬ 
ware  necessary  to  build  the  in¬ 
frastructure  for  a  national  ID 
card  system  free  of  charge. 

An  Oracle  spokesman  con¬ 
firmed  Ellison’s  pledge  but 
said  the  company  had  no  de¬ 
tails  on  the  type  of  software  El¬ 
lison  had  in  mind. 

Ellison’s  suggestion  to  build 
a  central  database  has  been 
one  of  the  key  areas  of  concern 
for  members  of  Congress  and 
privacy  groups.  The  Ultra- 
Card,  on  the  other  hand,  would 
avoid  that  problem  by  enabling 
authorities  to  conduct  local  au¬ 
thentication  without  having  to 
transmit  biometric  data  across 
the  Internet  “to  a  hackable 
database,”  said  Mann.  All  of 
the  biometrics  and  algorithms 
could  be  stored  on  the  card. 

Donna  Farmer,  CEO  of  the 
New  York-based  Smart  Card 
Alliance,  an  industry  group 
representing  185  technology 
providers,  said  that  while  she 
isn’t  familiar  with  the  details  of 
the  UltraCard’s  capabilities, 


interest.  Lawmakers  are  inves¬ 
tigating  whether  encryption 
software  should  be  developed 
with  back  doors  that  could  be 
opened  with  a  court  order. 

The  current  law  requires  in¬ 
vestigators  to  seek  court  ap¬ 
proval  in  each  jurisdiction  for 
each  device  being  monitored. 
That  law  is  “ill-adapted  for  use 
in  communications  over  multi¬ 
ple  cell  phones  and  computer 


many  of  the  64KB  cards  that 
are  now  available  are  multiple- 
application  cards  and  have 
some  capabilities  to  support 
biometrics  and  multiple  en¬ 
cryption-key  processing. 

In  fact,  the  Defense  Depart¬ 
ment  in  May  began  rolling  out 
7,000  smart  cards  as  part  of  its 
Common  Access  Card  (CAC) 
program.  The  CAC  uses  pub¬ 
lic-key  infrastructure  certifi¬ 
cates  and  a  central  database 
known  as  the  Real-time  Auto¬ 
mated  Personnel  Identifica¬ 
tion  System.  Fingerprint  im¬ 
ages,  however,  aren’t  stored  on 
the  card  for  privacy  reasons. 

According  to  Farmer,  the 
policy  issues  surrounding  per¬ 
sonal  privacy  and  the  develop¬ 
ment  of  a  national  ID  card  re¬ 
main  the  driving  force  behind 
the  reluctance  to  expand  the 
technology’s  use. 

“There  are  a  lot  of  issues  that 
get  wrapped  up  in  the  national 
ID  discussion  that  have  noth¬ 
ing  to  do  with  the  technology,” 
said  Farmer,  who  has  also 


networks,”  said  Attorney  Gen¬ 
eral  John  Ashcroft  at  a  House 
Judiciary  Committee  meeting 
last  week. 

“We’re  not  asking  the  law  to 
expand,  just  to  grow  as  tech¬ 
nology  grows,”  he  said.  Terror¬ 
ists  using  networks  to  mask 
communications  have  a  “com¬ 
petitive  advantage,”  he  added. 

Lawmakers,  while  eager  to 
give  law  enforcers  the  legal 
tools  they  need,  are  worried 
that  some  of  the  measures  may 
not  hold  up  in  court.  “Some 
have  said  it’s  unconstitutional 
on  its  face,”  said  Rep.  John 
Conyers  (D-Mich.).  “Let  me  be 
more  polite:  We’re  troubled; 


Getting  Carded 

How  the  UltraCard  compares  j 
with  a  traditional  smart  card;  i 

UltraCard:  20MB  of  storage  1 
Smart  card:  64KB  of  storage 

UltraCard:  Applies  hard 
disk  drive  technology  to 
credit  card-size  smart  card. 
Smart  card:  Cost  and  size  in¬ 
crease  along  with  capacity. 

UltraCard:  $5  to  $6 
UltraCard  Reader:  $100 


served  as  legal  counsel  to  the 
House  Science  Committee. 
“We  still  have  all  of  the  policy 
and  procedure  issues  that 
we’ve  had  before.  We’re  trying 
to  be  sensitive  to  the  fact  that 
it’s  still  just  a  tool,  and  it  won’t 
fix  every  possible  problem.” 

UltraCard  plans  to  ship  the 
first  set  of  cards  to  government 
agencies  in  China  and  Europe 
in  the  first  quarter  of  next  year. 
However,  production  could  be 
placed  on  a  fast  track  for  deliv¬ 
ery  in  the  U.S.  at  the  same  time 
or  sooner,  Kehoe  said.  I 


we’re  deeply  troubled.” 

A  key  concern  is  that  the  law 
goes  beyond  terrorists  and 
could  be  used  in  the  prosecu¬ 
tion  of  routine  criminal  cases. 
One  provision  that’s  raising 
eyebrows  would  allow  U.S. 
prosecutors  to  use  wiretap  in¬ 
formation  obtained  by  foreign 
governments,  even  if  the  col¬ 
lection  of  that  information  vio¬ 
lates  U.S.  search-and-seizure 
protections.  Others  critics  say 
the  proposal  would  justify  the 
broad  use  of  Carnivore,  the 
FBI’s  e-mail  search  technology. 

Jerry  Berman,  who  heads  the 
Center  for  Democracy  and 
Technology,  a  privacy  rights 
group  in  Washington,  said 
there  may  be  a  need  for  new  le¬ 
gal  authorities.  “But  there  is 
potential  serious  collateral 
damage  to  our  Constitution 
and  civil  liberties  in  the  attor¬ 
ney  general’s  bill,”  he  said. 

Civil  libertarians  said  they 
are  worried  that  this  legisla¬ 
tion  may  move  through  Con¬ 
gress  too  fast.  But  final  action 
on  the  bill  may  be  several 
weeks  away.  I 


Legal  Remedies 

The  Bush  administration  sent  a  package  of  new  antiterrorism 
laws  to  Congress  last  week. 

Wiretapping:  Current  law  restricts  wiretaps  to  certain  locations.  Pro¬ 
posed  change  would  let  investigators  get  a  single  order  to  track  communica¬ 
tions  across  multiple  jurisdictions  and  over  different  types  of  systems. 
Broader  definition:  Expands  the  definition  of  terroriststo  include 
those  who  lend  support  to  terrorist  organizations  and  gives  federal  immigra¬ 
tion  authorities  the  power  to  detain  suspects. 


Legislation  Pushed  to  Track 
Terrorists  Over  Networks 
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ICANN  Meeting  Will 
Tackle  Net  Security 

The  Internet  Corporation  for 
Assigned  Names  and  Numbers 
(ICANN)  said  it  plans  to  go  ahead 
with  meetings  scheduled  next 
month  in  Marina  del  Rey,  Calif.,  de¬ 
spite  the  Sept.  11  terrorist  attacks. 
But  because  of  the  attacks,  ICANN 
added,  the  meeting’s  agenda  will 
now  focus  on  the  stability  and  secu¬ 
rity  of  the  Internet’s  naming  and 
addressing  systems. 

First  .info  Internet 
Sites  in  Operation 

The  first  52,000  Internet  domain 
names  registered  under  the  new 
.info  top-level  domain  have  become 
operational,  allowing  companies  to 
start  using  those  addresses  for  their 
Web  sites.  Of  the  seven  new  top- 
level  domains  approved  last  year  by 
ICANN,  .info  is  the  first  to  go  live. 
It’s  being  managed  by  Dublin-based 
Afilias  Ltd. 

Yahoo  Adds  Online 
Conference  Service 

In  the  aftermath  of  the  terrorist  at¬ 
tacks,  Sunnyvale,  Calif.-based  Ya¬ 
hoo  Inc.  announced  a  pair  of  corpo¬ 
rate  Internet  broadcast  services 
aimed  at  providing  alternatives  to 
business  travel.  Included  is  a  ser¬ 
vice  called  Virtual  Conference, 
which  Yahoo  said  will  let  compa¬ 
nies  hold  online  conferences  with 
thousands  of  participants. 


Short  Takes 

HEWLETT-PACKARD  CO.  won  a 
three-year,  S185  million  contract  to 
provide  IT  services  at  seven  opera¬ 
tions  centers  owned  by  Finland- 
based  mobile  phone  maker  NOKIA 
CORP _ A  21-year-old  Nether¬ 

lands  resident  who  created  the 
Anna  Kournikova  e-mail  worm  that 
spread  last  February  was  sentenced 
by  a  Dutch  court  to  perform  150 
hours  of  community  service  or 
spend  75  days  in  jail. 
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Agencies  Urge  Quick  Rollout 
Of  Wireless  Location  Service 


Public-safety  organizations  implore  FCC 
to  uphold  start  date  for  Enhanced  911 


BY  BOB  BREWIN 

n  anticipation  of  to¬ 
day’s  deadline,  three  na¬ 
tional  public-safety  or¬ 
ganizations  last  week 
urged  the  Federal  Com¬ 
munications  Commission  to 
stop  granting  waivers  and  ex¬ 
tensions  to  cellular  com¬ 
munications  compa¬ 
nies  that  would  allow 
them  to  miss  the  long- 
mandated  start  date 
for  Enhanced  911  wireless  loca¬ 
tion  services. 

The  agencies  said  the  FCC 
should  hit  carriers  that  miss 
the  deadline  with  “serious 
penalties”  for  noncompliance. 

The  Sept.  11  terrorist  attacks 
on  the  U.S.  —  and  the  subse¬ 
quent  heavy  use  of  cellular 
networks,  as  well  as  jury- 
rigged  automatic  location  sys¬ 
tems  in  New  York  —  have 
made  it  difficult  for  the  FCC 
to  grant  new  waivers  for  a  sys¬ 
tem  that  it  first  envisioned 
in  1996,  said  Jim  Goerke,  wire¬ 
less  implementation  director 
at  the  National  Emergency 
Number  Association  (NENA) 


in  Columbus,  Ohio. 

The  Sept.  11  attacks  have 
helped  focus  attention  on  the 
importance  of  having  a  system 
that  can  determine  the  loca¬ 
tion  of  people  who  call  911  on 
cell  phones,  Goerke  said, 
adding  that  the  cellular  carri¬ 
ers  “have  had  a  lot  of  time  to 
get  this  together.” 

While  the  FCC  has 
not  indicated  how  it 
will  act,  analysts  ex¬ 
pect  it  to  take  a  strong  stand. 
The  chances  of  continued  le¬ 
niency  by  the  commission  “are 
about  equal  to  everyone  being 
a  winner  in  Las  Vegas,”  said 
Alan  Reiter,  an  analyst  at  Wire¬ 
less  Internet  &  Mobile  Com¬ 
puting  in  Chevy  Chase,  Md. 

The  technology  isn’t  perfect, 
but  it  does  exist,  said  Reiter. 
The  cellular  industry  has  been 
engaged  in  “legal  stalling,”  a 
tactic  that  won’t  work  in  the 
postattack  world,  he  said. 

NENA,  the  Association  of 
Public  Safety  Communications 
Officials  International  Inc.  and 
the  National  Association  of 
State  911  Administrators,  a 


NENA  affiliate,  told  the  FCC  in 
a  filing  on  Sept.  21  that  the  ter¬ 
rorist  attacks  require  the  com¬ 
mission  “to  move  as  quickly  as 
possible  to  implement  fully  ac¬ 
curate  location  capability  for 
the  nation’s  wireless  users.” 

Goerke  said  that  based  on 
his  reading  of  the  FCC’s  emer¬ 
gency-communications  files, 
only  two  of  the  major  carriers 
—  Atlanta-based  Cingular 
Wireless  and  Redmond,  Wash.- 
based  AT&T  Wireless  Services 
Inc.  —  are  even  close  to  meet¬ 
ing  the  requirements. 

Technology  Options 

Travis  Larson,  a  spokesman 
for  the  Cellular  Telecommuni¬ 
cations  &  Internet  Association 
in  Washington,  said  that  al¬ 
though  the  cellular  industry 
“has  been  working  diligently 
for  a  number  of  years”  to  meet 
the  deadline,  the  technology  to 
make  the  system  work  isn’t  yet 
available. 

The  FCC  has  mandated  that 
the  carriers  choose  either  an 
automatic  location  system  that 
uses  Global  Positioning  System 
(GPS)  chips  in  receivers  en¬ 
hanced  by  back-end  processing 
systems,  or  a  network-based 
system  that  uses  sophisticated 
triangulation  from  nearby  cell 


towers  to  locate  a  handset. 

The  FCC  wants  carriers  us¬ 
ing  a  handset  system  to  provide 
location  accuracies  to  within  50 
meters  for  67%  of  all  calls  and 
accuracy  to  within  150  meters 
for  95%  of  calls.  Carriers  using  a 
network  system  must  provide 
accuracy  to  within  100  meters 
on  67%  of  calls  and  to  within 
300  meters  for  95%  of  calls. 

The  deployment  of  automatic 
location  systems  will  be  costly. 
Diane  McCormick,  director  of 
investor  relations  and  a  spokes¬ 
woman  for  Allen  Telecom  Inc. 
in  Beechwood,  Ohio,  estimated 
that  a  nationwide  rollout  of  lo¬ 
cation  technology  could  cost 
$1  billion  to  $3  billion. 

Carriers  that  have  opted  for 
the  handset  system  said  they 
have  had  problems  getting  the 
base-station  equipment  to  up¬ 
grade  their  networks.  Sprint 
PCS  Group  said  it  has  run  into 
problems  with  its  two  major 
equipment  suppliers,  Murray 
Hill,  N.J.-based  Lucent  Tech¬ 
nologies  Inc.  and  Brampton, 
Ontario-based  Nortel  Net¬ 
works  Corp. 

Kansas  City,  Mo.-based 
Sprint  told  the  FCC  in  a  filing 
on  Sept.  20  that  it  planned 
to  start  selling  GPS-enabled 
phones  today  and  that  it  will 
sell  GPS-equipped  phones  ex¬ 
clusively  as  of  Dec.  31, 2002. 

Goerke  said  he  understands 
the  issues  carriers  face  in  up¬ 
grading  their  networks  but  also 
wonders  if  their  problems  and 
delays  are  a  matter  of  timing. 
The  FCC  should  use  its  investi¬ 
gatory  powers  to  determine 
whether  equipment  problems 
are  the  result  of  delayed  or¬ 
ders,  said  Goerke. 

“If  I  were  the  government,  I 
would  fine  the  carriers  each  a 
million  dollars  a  day  until  they 
comply  with  the  FCC  location 
mandate,”  said  Reiter.  ft 

For  more  informa¬ 
tion,  visit  our 
Mobile/Wireless 
Knowledge  Center. 

www.computerworid.com/q7k1000 


How  Wireless  Enhanced  911  Locates  Callers 

Software  in  base  stations  at  each  cell  tower  uses  a  sophisticated  triangulation  system  to  determine 
the  location  of  a  caller  to  within  100  meters.  That  information  is  translated  into  latitude  and  longi¬ 
tude  coordinates  and  is  then  transmitted  to  a  police  dispatch  center.  There,  the  caller’s  location  is 
superimposed  on  a  geographic  information  system  display.  This  allows  the  dispatcher  to  determine 
at  a  glance  the  location  of  the  caller  and  the  nearest  emergency  units. 


WIRELESS 
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Technology  for  Complying  With  Antiterror  Rules  Gets  Boost 


Automated  systems  help  monitor  illegal  financial  transactions 


BY  DAN  VERTON 

WASHINGTON 

The  Sept.  11  attacks  heightened 
awareness  that  U.S.  financial 
institutions  and  other  firms 
face  a  broad  range  of  fines  and 
criminal  charges  if  they  allow 
terrorists  —  or  any  of  thou¬ 
sands  of  other  individuals  cur¬ 
rently  on  government  security 
watch  lists  —  to  conduct  finan¬ 
cial  or  international  trade 
transactions.  And  companies 
are  equipping  themselves  with 
technology  to  prevent  that 
from  happening. 

The  driving  force  is  long¬ 
standing  regulations  put  in 
place  by  the  U.S.  Treasury  De¬ 
partment’s  Office  of  Foreign 
Asset  Control  (OFAC),  which 
enforces  economic  and  trade 
sanctions  against  targeted  for¬ 
eign  countries,  organizations 
that  sponsor  terrorism  and  in¬ 
ternational  narcotics  traffick¬ 
ers.  The  OFAC  requires  banks, 
securities  companies,  export 
firms  and  tourism  businesses 
to  report  within  10  days  all  ille¬ 
gal  or  suspicious  transactions 
involving  any  one  of  thousands 
of  so-called  Specially  Desig¬ 
nated  Nationals  currently  on 
OFAC  and  other  government 
watch  lists. 

Those  regulations,  along 
with  an  executive  order  signed 
Sept.  23  by  President  Bush  that 
freezes  the  assets  of  an  addi¬ 
tional  two-dozen  individuals 
and  groups  as  part  of  the  new 
war  on  terrorism,  are  prompt¬ 
ing  companies  to  ensure  that 
they  have  all  of  the  automated 
tools  they  need  to  prevent  ille¬ 
gal  transactions  from  slipping 
through  the  cracks. 

Heightened  Concerns 

“This  is  really  the  first  time 
that  this  mandate  is  being 
driven  home,”  said  Chuck 
Schardong,  product  manager 
at  Innovative  Systems  Inc.,  a 
Pittsburgh-based  firm  that  de¬ 
velops  OFAC  compliance  soft¬ 
ware  for  banks  and  other  com¬ 
panies.  Within  a  few  days  of 


the  Sept.  11  terrorist  attacks, 
customers  began  contacting 
Innovative  Systems  for  up¬ 
grades  and  information  on  the 
FBI’s  hijacker  list,  he  said. 

“There  definitely  has  been 
an  upswing  in  the  number  of 
calls  we’ve  received  since  Sept. 
11,”  said  Dave  Leverenz,  senior 
product  manager  for  the  risk- 
reduction  product  line  at 
Thomson  Financial  Publishing 
in  Skokie,  Ill.  A  few  years  ago, 
most  organizations  “didn’t 
even  know  what  OFAC  stood 
for,”  he  said. 

For  large  companies  that 
process  hundreds  or  thousands 
of  transactions  per  day,  using 
an  automated  system  rather 
than  a  manual  one  could  mean 
substantially  lower  fines  if  ille¬ 
gal  transactions  are  missed  but 
later  discovered  by  auditors. 


BY  LINDA  ROSENCRANCE 

Concerns  about  travel  and  se¬ 
curity  in  the  wake  of  the  Sept. 
11  terrorists  attacks  on  the  U.S. 
have  caused  many  upcoming 
IT-related  trade  shows  to  be 
postponed  or  canceled. 

“This  is  the  worst  we’ve  ever 
seen,”  said  Michael  Hughes, 
research  director  at  Tradeshow 
Week,  a  Los  Angeles-based 
trade  show  publication.  “About 
45%  of  major  trade  shows  in  all 
industries,  including  IT,  are 
being  canceled  or  postponed.” 

Hughes  said  shows  aren’t  be¬ 
ing  held  for  several  reasons. 
Some  of  them  were  originally 
scheduled  to  take  place  soon 
after  the  date  of  the  attacks,  but 
Americans  were  still  reeling 
from  the  news  and  didn’t  feel  it 


Several  financial  institutions 
contacted  last  week  declined 
to  comment,  citing  increased 
security  concerns.  However, 
one  risk  manager  at  a  major 
bank  in  the  Southwest  ac¬ 
knowledged  that  manual  sys¬ 
tems  are  still  being  used  at 
his  bank. 

“Any  bank  processing  75  to 
100  wire  transfers  a  day  needs 
and  probably  already  uses  an 
automated  system,”  said  Lev¬ 
erenz.  Larger  banks  typically 
process  thousands  of  transac¬ 
tions  per  second. 

In  the  banking  industry,  most 
OFAC  violations  are  uncovered 
when  one  bank  discovers  and 
reports  an  illegal  wire  transfer 
that  wasn’t  caught  by  the  send¬ 
ing  bank.  Banks  and  companies 
are  required  to  report  any  ille¬ 
gal  transaction  that  passes 


was  safe  to  travel,  he  said.  Com¬ 
panies  have  also  been  con¬ 
cerned  about  shipping  freight 
because  of  the  increased  cost 
of  beefed-up  security  in  re¬ 
sponse  to  the  disaster. 

“People  are  still  dealing  with 
grief”  and  remain  concerned 
about  air  travel  and  safety, 
Hughes  said. 

Karen  Jagoda,  president  of 
Baltimore-based  Turtlesnap 
Ventures  Inc.,  decided  to  post¬ 
pone  an  investment  sympo¬ 
sium  called  Global  Trends  in 
Technology  Development  that 
was  scheduled  to  open  last 
week  in  Washington. 

“[Some]  of  our  key  speakers 
and  participants  felt  they  could 
not  attend  at  this  time  because 
of  concerns  over  international 


AT  A  GLANCE 


Factoring  In 
The  OFAC 

Questions  asked  by  regulators 
and  auditors: 

■  Does  the  institution  have  policies  and 
procedures  in  place  for  complying  with 
OFAC  laws  and  regulations? 

■  Does  the  institution  maintain  a  current 
listing  of  prohibited  countries,  entities  and 
individuals? 

■  Is  the  OFAC  information  disseminated  to 
offices  in  foreign  countries? 

■  Are  new  accounts  compared  with  the 
OFAC  listings  prior  to  opening? 

■  Are  established  accounts  regularly  com¬ 
pared  with  current  OFAC  listings? 


through  a  trading  partner’s  sys¬ 
tem,  said  industry  experts. 

“It  can  create  an  entire  chain 
of  responsibility,”  said  Schar¬ 
dong. 

That  chain  of  responsibility 


travel  and  security,”  Jagoda 
said.  “We  received  a  number  of 
e-mails  from  speakers  and  at¬ 
tendees  saying  they  were  con¬ 
cerned  about  their  safety.” 

Staying  the  Course 

Still,  despite  the  many  can¬ 
cellations  and  postponements, 
some  trade  shows  are  being 
held  as  scheduled. 

Kim  Myhre,  president  of  IT 
marketplace  Comdex,  which  is 
presented  by  Los  Angeles- 
based  Key3Media  Events  Inc., 
said  Comdex/Fall  2001  in  Las 
Vegas  will  go  on  as  planned 
from  Nov.  12-16. 

“While  our  thoughts  as  fami¬ 
ly  members  and  businesspeo¬ 
ple  have  been  focused  on  the 
well-being  of  our  fellow  Amer¬ 
icans,  we  decided  we  need  to 
get  back  to  work,”  Myhre  said. 
“We  haven’t  had  any  major 
cancellations,  and  all  our 
keynote  speakers  have  con¬ 
firmed.  This  is  a  little  bit  of  un¬ 
charted  territory,  and  anything 
can  happen,  but  we’re  going 
ahead  as  planned.” 

Many  IT  professionals  say 
they’re  still  planning  to  attend 


IT  Trade  Show  Schedules 
Impacted  by  Sept  tl  Attacks 

Travel  concerns  ground  many  industry  events 


may  also  be  expanded  world¬ 
wide  and  could  have  a  signifi¬ 
cant  impact  on  global  business 
practices,  said  Kathy  Little,  co¬ 
chairwoman  of  the  govern¬ 
ment  and  international  prac¬ 
tice  group  at  Washington  law 
firm  Vinson  and  Elkins  LLP. 

President  Bush  may  take  ad¬ 
ditional  steps  such  as  placing 
sanctions  on  foreign  banks 
and  companies  that  refuse  to 
help  the  U.S.  locate  the  finan¬ 
cial  assets  of  terrorist  groups. 
Little  noted. 

Other  industry  experts  fore¬ 
see  OFAC  regulations  being 
expanded  to  other  industries, 
such  as  the  airline  industry.  “I 
see  no  reason  why  flight  mani¬ 
fests  shouldn’t  be  compared 
against  these  lists,”  said 
Schardong. 

“Prior  to  Sept.  11,  most  finan¬ 
cial  institutions  saw  the  regu¬ 
lations  as  a  burden,”  said  Greg 
Kessler,  a  product  manager  at 
Bridger  Systems  Inc.,  a  Boze¬ 
man,  Mont.-based  developer  of 
OFAC  management  software. 
“Now  they’re  seeing  it  as  a  way 
to  combat  terrorism.”  > 


trade  shows  and  conferences 
because  it’s  more  important 
than  ever  for  them  to  meet  and 
share  information. 

Ann  Marie  Horcher,  a  senior 
specialist  in  electronic  work¬ 
place  services  at  Dow  Corning 
Corp.  in  Midland,  Mich.,  said 
she  still  plans  to  attend  this 
week’s  Momentum  2001,  a 
worldwide  user  conference  be¬ 
ing  held  by  Pleasanton,  Calif.- 
based  content  management 
provider  Documentum  Inc. 
Dow  Corning  has  canceled  all 
company  travel  that  isn’t  cru¬ 
cial  for  business  for  the  time 
being  for  security  reasons, 
Horcher  added. 

“There  are  two  reasons 
we’re  planning  to  go.  One  is 
that  we  had  other  travel  op¬ 
tions  —  we’re  going  to  drive,” 
said  Horcher,  a  speaker  at  the 
event.  “And  also  because  I 
need  to  know  what  direction 
my  vendors  are  going  in  for 
next  year.”  I 

For  a  list  of  all 
canceled  and 
postponed  shows, 
visit  our  Web  site. 

www.computerworld.com/q7q5010 
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IIS  Is  as  Secure  as  Other  Web 

Servers,  Claims  Microsoft 

Company  responds  to  Gartner’s  advice 
that  users  should  consider  alternatives 


BY  JAIKUMAR  VIJAYAN 

ICROSOFT  says 
its  Internet  In¬ 
formation  Serv¬ 
er  (IIS)  is  as  se¬ 
cure  as  compa¬ 
rable  products  from  other  ven¬ 
dors.  The  company  made  the 
assertion  in  response  to  a  re¬ 
cent  Gartner  Inc.  recommen¬ 
dation  that  enterprises  con¬ 
sider  alternatives  to  IIS  if  they 
had  been  hit  by  both  the  Code 
Red  and  Nimda  worms. 

According  to  the  Gartner 
advisory,  the  success  of  the 
Nimda  worm  and  of  Code  Red 
before  that  “highlights  the  risk 
of  using  IIS  and  the  effort 
involved  in  keeping  up  with 
Microsoft’s  frequent  security 
patches.” 

Stamford,  Conn.-based  Gart¬ 
ner’s  advisory  was  issued  in 
the  wake  of  the  recent  attack 
by  the  mass-mailing  Nimda 
worm  that  infected  systems 
running  Microsoft  Windows 
95,98,  ME,  NT  and  2000. 

Unlike  other  worms  and 
viruses,  Nimda  spread  via  net- 
work-based  e-mail,  as  well  as 
by  Web  browsers,  and  it  ex¬ 
ploited  back  doors  left  open  by 
previous  viruses  such  as  Code 
Red  and  Sadmind. 

When  Nimda  hit,  Microsoft 
advised  installing  patches  and 
service  packs  on  virtually  every 
PC  and  server  running  Internet 
Explorer,  IIS  Web  servers  or 
the  Outlook  Express  e-mail 
client,  just  as  it  had  done  with 
Code  Red,  said  John  Pescatore, 
a  Gartner  analyst  and  author  of 
the  advisory. 

This  constant  patching  and 
maintaining  has  resulted  in  a 
high  cost  of  ownership  for  IIS. 
As  a  result,  Pescatore  recom¬ 
mended  that  enterprises  that 
had  been  hit  by  both  Nimda 
and  Code  Red  look  at  alterna¬ 
tives  such  as  Sun  Microsys¬ 
tems  Inc.’s  iPlanet  and  the 


Apache  Web  server  software 
“The  Gartner  recommenda¬ 
tion  overlooks  the  fact  that 
security  is  an  industrywide 
challenge  and  that  serious  vul¬ 
nerabilities  have  been  found 
in  all  Web  server  products  and 
platforms,”  said  a  Microsoft 


Projects  may  help 
private-sector  IT 

BY  PATRICK  THIBODEAU 

WASHINGTON 

The  Bush  administration  has 
significantly  increased  spend¬ 
ing  for  IT  research  projects, 
awarding  $156  million  in  grants 
last  week  to  seed  ideas  that 
may  ultimately  help  corporate 
IT  organizations. 

One  such  project,  which  re¬ 
ceived  $5.5  million  from  the 
National  Science  Foundation 
(NSF),  is  intended  to  reduce 
the  typical  10-  to  30-year  span 
before  new  algorithms  find 
their  way  into  applications, 
according  to  Guy  Blelloch,  a 
computer  science  professor  at 
Carnegie  Mellon  University  in 
Pittsburgh.  Businesses  use  al- 


spokesman.  “It  is  a  folly  to  be¬ 
lieve  that  if  you  switch  from 
one  product  to  another,  you 
are  protected. 

“Those  customers  that  in¬ 
stalled  all  the  [recommended] 
patches  were  protected  from 
Nimda,”  the  spokesman  said. 

But  the  Gartner  recommen¬ 
dation  seems  to  be  resonating 
with  at  least  some  users. 

Palo  Alto,  Calif.-based  Fen¬ 
wick  &  West  LLP  plans  to  mi¬ 


gorithms  extensively  in  opti¬ 
mization,  for  purposes  such 
as  developing  efficient  sched¬ 
uling  of  airline  flights  and 
trucking  routes. 

“The  smarter  the  algorithm, 
the  better  you  can  get  the 
schedules,”  said  Blelloch. 

But  there’s  currently  a  dis¬ 
connect  between  application 
developers  and  algorithm  re¬ 
searchers,  said  Blelloch,  who’s 
heading  the  project.  “It’s  really 
a  communications  gap,”  he  said. 
A  large  part  of  the  grant  is 
aimed  at  bringing  researchers 
and  application  developers  to¬ 
gether  through  such  activities 
as  workshops. 

The  NSF,  a  federal  agency 
that  funds  basic  scientific  re¬ 
search,  awarded  $90  million  in 
IT  research  last  year.  The  Bush 
administration  has  made  tech¬ 
nology  research  a  priority. 


grate  from  its  IIS  servers  to  a 
Linux  operating  environment 
running  Apache’s  Web  server 
software  because  of  security 
concerns. 

Financial  considerations  are 
also  driving  the  move  —  it’s 
cheaper  to  run  Apache  on 
Linux  than  it  is  to  run  IIS,  said 
Matt  Kesner,  chief  technical 
officer  at  the  law  firm. 

Fenwick  &  West  escaped  be¬ 
ing  hit  by  last  week’s  Nimda 
virus.  But  the  experience  of 
dealing  with  a  previous  IIS- 
related  vulnerability  and  the 
continuous  effort  needed  to 
keep  IIS  secure  were  bother¬ 
some,  Kesner  said. 

Moving  to  Apache  is  going 
to  be  difficult,  and  it  will  offer 
less  functionality  than  IIS,  pre¬ 
dicted  Kesner.  Even  so,  he  said, 
“we  think  [Apache]  is  going  to 
be  a  smaller  target.” 

Because  of  security  con¬ 
cerns,  Planogramming  Solu¬ 
tions  Inc.,  a  space-management 
company  in  Jacksonville,  Fla., 


“Our  objective  is  to  support 
the  development  of  software 
and  IT  services  that  will  help 
scientists  and  engineers  make 
the  kinds  of  discoveries  that 
will  eventually  be  applied  by 
industry,”  said  Rita  Colwell, 
director  of  the  NSF. 

One  of  the  larger  awards  — 


Role  of  the  NSF 

The  National  Science  Foun¬ 
dation  is  a  federal  agency 
that  funds  basic  scientific 
research  that’s  too  risky  and 
expensive  for  companies. 

►The  NSF  this  year  re¬ 
ceived  more  than  2,000 
proposals  for  funding. 

It  awarded  309. 


►The  NSF  hopes  to  award 

$217  million  next  year. 


is  moving  to  a  Linux/Apache 
environment,  even  though  it’s 
more  difficult  to  set  up  than 
IIS,  said  Pat  Quick,  an  informa¬ 
tion  systems  specialist  at  the 
company. 

“I  know  that  Windows,  Of¬ 
fice  and  many  other  packages 
are  very  popular  and  have  a 
wide  reach  that  makes  them 
the  target  to  get  to.  But  to  be 
the  biggest  should  carry  some 
responsibility  to  be  the  best. 
This  is,  sadly,  not  the  case,” 
Quick  wrote  in  an  e-mail  to 
Computerworld. 

Not  everybody  shared  the 
same  sentiments,  though. 

“To  be  fair,  Microsoft  has 
responded  well  in  every  case” 
where  its  software  has  been 
attacked,  said  a  user  at  a  large 
Seattle-based  company  who 
requested  anonymity. 

“Why  would  you  move  to 
[Linux]  with  effectively  no 
support,  running  a  Web  serv¬ 
er  that  doesn’t  have  as  much 
functionality  [as  IIS]?  There’s 
a  hidden  cost  of  ownership  in 
that  model  as  well,”  he  said.  I 

For  more  information 
on  this  topic,  head 
to  our  Security 
Knowledge  Center. 

www.computerworld.com/q7k1600 


approximately  $7.5  million  —  is 
to  fund  an  ongoing  project  at 
the  University  of  California, 
Berkeley.  That  project  is  de¬ 
signed  to  create  a  broad-based 
computer  network  that  would, 
among  other  things,  use  sen¬ 
sors  to  optimize  automobile 
traffic  flow  and  provide  real¬ 
time  information  on  the  condi¬ 
tions  of  roads,  bridges  and 
buildings  after  an  earthquake. 

Another  Carnegie  Mellon 
project  that  received  NSF 
money  —  in  this  case,  a  $1  mil¬ 
lion  grant  over  two  years  — 
aims  to  develop  new  ways  to 
verify  the  reliability  of  embed¬ 
ded  systems. 

“Obviously,  the  reliability  of 
such  systems  is  extremely  im¬ 
portant,”  said  Edmund  Clarke, 
a  professor  of  computer  sci¬ 
ence  and  lead  investigator  at 
Carnegie  Mellon.  The  goal  of 
the  research  is  to  verify  the  re¬ 
liability  of  software  and  hard¬ 
ware  used  in  such  systems  as 
they  are  designed,  he  said.  I 


Government  Boosts  Technology  Research 
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Fidelity  Makes  Big 
XML  Conversion 

Retrofit  of  legacy  data  leads  to  massive 
reduction  in  hardware,  proprietary  code 


BY  LUCAS  MEARIAN 

his  month,  Fideli¬ 
ty  Investments  ex¬ 
pects  to  complete 
a  retrofit  of  its  cor¬ 
porate  data  to  an 
XML  format  in  an  effort  that 
has  already  allowed  it  to  gut  a 
significant  amount  of  hard¬ 
ware,  proprietary  databases 
and  Web  and  transactional 
protocols.  Analysts  say  the 
project  is  the  largest  of  its  kind 
and  estimate  that  it  could  cost 
the  investment  firm  tens  of 
millions  of  dollars. 

“When  looking  at  the  multi¬ 
tude  of  data  required  to  be 
made  XML-compatible  within 
an  institution  the  size  of  Fideli¬ 
ty,  it’s  mind-boggling,”  said 
Sarah  Ablett,  a  research  ana¬ 
lyst  at  Meridien  Research  Inc. 
in  Newton,  Mass. 

Two  years  ago,  Fidelity 
started  looking  for  a  way  to 
simplify  communications  be¬ 
tween  consumer  Web  applica¬ 
tions  and  back-end  systems. 
During  the  past  decade,  the 
Boston-based  mutual  funds 
giant  had  installed  a  plethora  of 
proprietary  messaging  formats, 
remote  procedure  calls,  inter¬ 
faces  and  commercial  middle¬ 
ware  applications,  such  as 
Sybase  EnterpriseConnect. 

By  using  XML  as  its  core 
communications  connection 
to  translate  data  among  its 
Web  site,  its  Unix  and  Win¬ 
dows  NT  servers  and  its  back- 
office  mainframes,  Fidelity  was 
able  to  eliminate  a  glut  of 
translation  protocols  and  mes¬ 
sage  buffers  and  75  of  its  85 
midtier  servers. 

Bill  Stangel,  XML  team 
leader  and  an  enterprise  archi¬ 
tect  at  Fidelity,  said  a  common 
language  has  also  allowed  the 
company’s  IT  managers  to 
redeploy  programmers,  who 
were  tied  up  writing  inter¬ 


faces,  to  work  on  more  impor¬ 
tant  business  functions.  The 
conversion  should  also  im¬ 
prove  time  to  market  for  appli¬ 
cations,  he  said. 

“It’s  simplified  our  environ¬ 
ment  significantly,”  Stangel 
said.  “Instead  of  us  having  to 
invent  our  own  messaging,  we 
can  now  use  XML  as  the  com¬ 
mon  language.  We  can  buy  a 
book  on  it  and  give  it  to  our 
programmers  and  say,  ‘You  can 
use  this  instead  of  inventing  a 
new  interface.’  ” 

Getting  the  project  off  the 
ground  was  difficult,  said  Stan¬ 
gel,  “but  once  the  culture 
kicked  in,  we  didn’t  have  to 
explain  why  XML  is  a  good 
thing. 


Some  users  cautious 
about  upgrading 

BY  MARC  L.  SONGINI 

At  its  annual  user  conference 
this  week  in  Chicago,  Siebel 
Systems  Inc.  is  expected  to 
showcase  a  fully  Web-architec¬ 
tural  version  of  its  flagship 
customer  relationship  man¬ 
agement  (CRM)  software. 

Users  and  analysts  said  the 
Siebel  7  technology  will  take 
center  stage  at  the  Siebel 
Worldwide  User  Week  2001 
conference.  Siebel  officials 
couldn’t  be  reached  for  com¬ 
ment  last  week,  but  the  San 
Mateo,  Calif. -based  vendor  has 
said  that  the  new  release  won’t 
require  client-level  software 
and  will  add  several  features 
that  aren’t  available  in  its  cur¬ 
rent  Siebel  2000  suite. 

While  some  Siebel  users 


“People  picked  up  on  it  and 
realized  if  we  can  reduce  the 
complexity  of  our  systems,  we 
can  have  a  real  [competitive] 
advantage,”  he  said. 

While  it’s  not  unusual  for 
financial  services  firms  to  de¬ 
velop  XML  formats  for  future 
or  even  current  information, 
it’s  somewhat  rare  for  a  com¬ 
pany  to  spend  the  amount  of 
money  Fidelity  is  believed  to 
have  invested  to  retrofit  all  of 
its  internal  information,  said 
Neal  Goldman,  an  analyst  at 
The  Yankee  Group  in  Boston. 

Fidelity  officials  declined  to 
comment  on  the  specific  costs 
or  savings  associated  with  the 
project. 

Several  XML  standards  com¬ 
pete  in  the  financial  services 
industry,  including  Financial 
Information  Exchange  (FIX),  a 
protocol  used  by  a  group  of 
asset  management  and  broker- 


said  last  week  that  they  see 
the  potential  advantages  of 
upgrading  their  CRM  systems 
to  Siebel  7,  they  also  expressed 
a  degree  of  caution  about  mak¬ 
ing  the  move. 

Just  how  the  new  version 
will  integrate  with  back-end 
systems  and  other  business  ap¬ 
plications  is  of  particular  inter¬ 
est  to  Greg  Augustine,  director 
of  e-commerce  at  TidalWire 
Inc.,  a  Westboro,  Mass.-based 
maker  of  storage  hardware. 
TidalWire  uses  the  Siebel  2000 
sales  application  to  handle  ac¬ 
count  management,  customer 
leads  and  other  functions. 

Augustine  said  there  would 
be  benefits  to  using  the  new 
release,  such  as  easier  mainte¬ 
nance  for  IT  workers  and  the 
availability  of  enhanced  re¬ 
porting  tools  for  end  users  who 
want  to  review  customer 
records.  But  there  are  also 
“costs  associated  with  migrat- 


age  firms  for  the  real-time 
exchange  of  securities  transac¬ 
tions.  Currently,  FIX  develop¬ 
ers  must  write  application-level 
code  to  validate  the  structure 
of  FIX  messages. 

Instead  of  going  with  one  of 
several  proposed  XML  stan¬ 
dards,  Fidelity  settled  on  its 
own  proprietary  version  of 
XML  because  of  the  early 
adoption  of  the  technology 
and  the  fit  with  its  investment 
business. 

As  Fidelity  looks  to  convert 
its  external  systems  to  XML, 
Stangel  said,  the  firm  will  con¬ 
sider  evolving  standards  such 


ing  from  one  version  to  anoth¬ 
er,”  he  added.  “And  this  is  a  ma¬ 
jor  upgrade,  so  we’ll  be  doing 
lots  of  changes.”  For  example, 
he  said,  changes  in  business 
processes  would  be  needed. 

It’s  likely  that  Siebel  will 
offer  special  upgrade  pro¬ 
grams  and  technical  help  in  an 
effort  to  migrate  Siebel  2000 
client/server  customers  to  the 
new  Web-based  architecture, 
said  Erin  Kinikin,  an  analyst  at 
Giga  Information  Group  Inc.  in 
Cambridge,  Mass. 

But  companies  should  do 
their  usual  due  diligence  and 
not  be  too  hasty  to  jump  to 
Siebel  7,  no  matter  how  hard 
the  vendor  pushes  the  product, 
Kinikin  said.  Users  “need  to  be 
cautious  . . .  before  kicking  off 
large  Web  CRM  deployment 
projects,”  she  said. 

Another  user  who’s  looking 
at  Siebel  7  is  Ken  Casey,  vice 
president  of  operations  at  Al¬ 


as  FIXML  for  FIX  messages  or 
RIXML,  which  makes  it  easier 
for  investors  to  share  informa¬ 
tion  about  companies. 

“Our  work  upfront  has  put 
us  in  a  good  position  to  now 
take  advantage  of  these  next- 
generation  [XML  standards]  as 
we  move  forward,”  Stangel 
said.  “We  probably  won’t  move 
to  one  of  the  tag  standards,  like 
ebXML.  That  doesn’t  fit  our 
business.  But  we  will  take  ad¬ 
vantage  of  the  next  part  of  that 
protocol,  schema  structures 
and  those  types  of  things,  in¬ 
stead  of  us  having  to  invent 
those  components.”  I 


berta  Treasury  Branches,  an 
Edmonton,  Alberta-based  bank 
that  went  live  with  a  Siebel 
2000  call  center  application  for 
the  financial  industry  in  July. 

The  bank  now  wants  to  roll 
out  the  call  center  package  to 
its  branch  offices  but  is  looking 
to  avoid  the  cost  of  installing 
client  software  on  every  desk¬ 
top,  Casey  said.  Instead,  the 
company  hopes  to  rely  on  a 
central  server  that  offers 
browser-based  access  to  the 
application  for  remote  users. 

“We  decided  the  next  level 
of  the  rollout  wouldn’t  have 
the  same  thick-client  technolo¬ 
gy  [as  the  initial  project  re¬ 
quired],”  Casey  said.  He  said 
he’s  also  interested  in  a  new 
bank-teller  application  that’s 
supposed  to  be  part  of  Siebel  7. 
The  bank  is  leaning  toward 
upgrading  but  hasn’t  made 
definite  plans  to  do  so.  I 

For  access  to 
additional  resources 
online,  visit  our  CRM 
Knowledge  Center. 

www.computerwortd.com/q7k1300 


Addition  by  Subtraction 

Here’s  the  upshot  to  Fidelity’s  XML  conversion  project: 

►  Programmers  now  have  to  learn  only  one  language  instead  of  many  propri¬ 
etary  languages. 

►  Programmers  busy  writing  interfaces  can  now  focus  on  business  functions. 

►  Cuts  out  75  of  85  midtier  servers. 

►Cuts  many  proprietary  translation  protocols  and  message  buffers 
between  Fidelity's  Web  and  back-end  systems. 

►  Improves  the  company’s  time  to  market  for  applications. 

Note:  Fidelity  said  it  expected  to  spend  $2.3  billion  on  technology  this  year.  That  figure  includes 
$350  million  for  Internet  development,  a  35%  increase  over  last  year. 


Siebel  Readies  Web-Based  CRM  Suite 
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Exodus  Files  for 
Bankruptcy  Protection 


Web  hosting  firm  Exodus  Communi¬ 
cations  Inc.  filed  for  Chapter  11 
bankruptcy  protection  following  a 
series  of  losses,  layoffs  and  man¬ 
agement  shake-ups.  But  the  Santa 
Clara,  Calif.-based  company  said  it 
will  continue  operating,  using  S200 
million  in  new  debtor-in-possession 
financing  from  General  Electric 
Capital  Corp.  in  Stamford,  Conn. 

Six  More  States  Call 
For  Antitrust  Remedy 

Six  states  that  aren’t  taking  part  in 
the  U.S.  government’s  antitrust 
case  against  Microsoft  Corp.  re¬ 
leased  an  open  letter  calling  on  the 
software  vendor  “to  remedy  the 
antitrust  problems  that  are  now  evi¬ 
dent.”  The  letter  also  raised  anti¬ 
trust-related  concerns  about  Micro¬ 
soft’s  new  Windows  XP  operating 
system. 

Ariba  Rolls  Out  B2B 
Product-Sourcing  App 

Ariba  Inc.  announced  a  new  busi- 
ness-to-business  application  that 
includes  automated  contract  man¬ 
agement,  supplier  negotiation  and 
spending  analysis  features  for  buy¬ 
ing  products  and  services. 

Unlike  the  Sunnyvale,  Calif.- 
based  company’s  earlier  sourcing 
products,  the  Ariba  Enterprise 
Sourcing  software  can  be  installed 
internally  in  addition  to  being  run  in 
hosted  setups. 


Short  Takes 

APPLE  COMPUTER  INC.  announced 
an  upgrade  of  its  Mac  OS  X  operat¬ 
ing  system  designed  to  address  per¬ 
formance  problems  and  other  short¬ 
comings  in  the  product’s  first  re¬ 
lease,  which  shipped  in  March _ 

WORLDCOM  INC.  is  buying  some  of 
the  assets  of  bankrupt  Digital  Sub¬ 
scriber  Line  service  provider 
RHYTHMS  NETCONNECTIONS  INC. 
in  Englewood,  Col.,  for  S40  million. 
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Boeing 

get  on  with  the  business  at 
hand?’  ” 

One  possible  answer:  real¬ 
time  monitoring  of  what  is  go¬ 
ing  on  in  the  passenger  cabins 
of  commercial  aircraft. 

Condit  said  Connexion  by 
Boeing,  a  broadband  satellite 
connection  service  initially 
aimed  at  bringing  Internet  ac¬ 
cess  and  video  to  passengers  in 
flight,  could  also  be  used  to 
send  images  from  aircraft  to 
ground  stations. 

Boeing  spokesman  Terrance 
Scott  said  that  although  the 
Connexion  system  is  still  un¬ 
der  development,  it  has  been 
deployed  in  11  private  business 
and  government  jets,  including 
the  Boeing  737  corporate  jet 
used  by  Condit.  Boeing  also 
has  a  special  737  set  up  to  pro¬ 
vide  ongoing  development  of 
the  Connexion  platform,  Scott 
said. 

Several  carriers,  including 
American  Airlines  Inc.,  United 
Air  Lines  Inc.  and  Delta  Air 
Lines  Inc.,  have  said  they  will 
deploy  the  Internet  access  and 
video  system,  although  those 
plans  were  announced  before 
the  terrorist  attacks.  The  idea 
of  the  system  being  modified 
so  it  can  transmit  images  from 
an  aircraft  to  the  ground  is  a 
new  initiative  that  Boeing  is 
exploring. 

A  General  Trend 

Aerospace  analyst  Mike  Bur¬ 
kett  at  AMR  Research  Inc.  in 
Boston  said  the  concept  of  re¬ 
mote  monitoring  of  an  aircraft 
in  real  time  “seems  to  make 
perfect  sense”  from  a  security 
standpoint.  “Remote  monitor¬ 
ing  is  a  general  trend  in  IT,”  he 
noted. 

According  to  Scott,  the 
throughput  speed  from  satel¬ 
lites  to  an  aircraft  is  20M 
bit/sec.,  and  1.5M  bit/sec.  in  the 
other  direction.  If  a  security  or 
mechanical  emergency  were  to 
arise,  bandwidth  could  be 
shifted  to  accommodate  the 
situation,  Burkett  said. 

Condit  said  Boeing  has  pro¬ 
posed  a  different  type  of  satel¬ 
lite-based  air  traffic  manage¬ 


ment  that  views  multiple  air¬ 
craft  as  components  in  a  single 
system.  “It  has  better  data 
flows  and  fewer  holes  [than  ex¬ 
isting  systems],”  he  said. 

As  for  the  job  cuts  Boeing 
has  already  announced,  Condit 
affirmed  the  company’s  deci¬ 
sion  to  lay  off  approximately 
30,000  employees  during  the 
coming  months. 

“Flying  has  decreased  dra¬ 
matically,”  he  said.  “Building 
commercial  airliners  doesn’t 
make  sense  unless  airlines 
need  them.” 


Continued  from  page  1 

Projects 

at  a  cost  of  $150  million.  IBM 
was  to  provide  the  technology 
for  the  kiosks  and  handle  the 
installation. 

Last  week,  United  spokes¬ 
woman  Chris  Nardella  said 
those  plans  “are  on  hold  now,” 
though  she  added  that  an  un¬ 
determined  number  of  kiosks 
have  been  installed  and  contin¬ 
ue  to  function  in  Chicago 
O’Hare  International,  Los  An¬ 
geles  International  and  San 
Diego  International  airports. 

Nardella  said  United  hasn’t 
yet  decided  whether  it  will  in¬ 
stall  more  kiosks  and  what 
changes,  if  any,  will  be  made  to 
them  to  ensure  security. 

The  kiosks  were  intended  to 
speed  check-in  for  travelers 
with  e-tickets,  who  can  insert  a 
United  frequent-flier  card  or 
major  credit  card  for  identifi¬ 
cation  and  get  back  a  printed 
boarding  pass.  Now,  United 
will  have  agents  at  the  security 
checkpoints  to  double-check 
that  the  name  on  the  ticket 
matches  the  photo  ID  of  the 
ticketholder,  Nardella  said. 

By  and  large,  the  Federal 
Aviation  Administration  is 
leaving  these  kinds  of  security 
details  to  the  discretion  of  in¬ 
dividual  airlines,  and  there  are 
no  plans  to  prohibit  the  use  of 
kiosks  for  travelers,  said  an 
FAA  spokesman.  “The  impor¬ 
tant  thing  to  us  is  that  people 
have  the  proper  documents  to 
get  through  the  screener 
checkpoints,”  he  said. 

IBM  has  contracted  with 


But  most  Boeing  IT  workers 
won’t  have  to  worry,  according 
to  Judith  Muhlberg,  the  com¬ 
pany’s  vice  president  of  com¬ 
munications.  She  said  the  lay¬ 
offs,  most  of  which  will  be 
made  in  the  aerospace  giant’s 
commercial  aircraft  operating 
unit,  “will  have  an  insig¬ 
nificant  impact  on  Boeing  IT 
personnel. 

“Boeing  is  still  hiring  IT  peo¬ 
ple,”  Muhlberg  said.  “Those 
[IT  personnel]  affected  will 
likely  be  transferred  to  other 
Boeing  divisions.”  ► 


several  airlines  to  install  self- 
service  kiosks.  US  Airways 
Group  Inc.,  British  Airways 
PLC  and  Air  Canada  have  all 
signed  deals  with  IBM,  as  did 
Ansett  Airport  in  Sydney,  Aus¬ 
tralia,  and  Inchon  Internation¬ 
al  Airport  in  South  Korea. 

Kiosks  aren’t  the  only  tech¬ 
nology  that  could  be  affected 
by  new  guidelines.  “The  entire 
airline  industry  evolved  as  an 
extension  of  their  electronic 
networks  and  the  networks’ 
message  structures  and  the 
quasi-automated  e-commerce 
processes  that  evolved  in  and 
around  them,”  said  Richard 
Eastman,  president  of  The 
Eastman  Group  Inc.,  an  airline 
industry  consulting  firm  in 
Newport  Beach,  Calif.  “What 
Sept.  11  has  done,  in  my  mind, 


AIRPORT  KIOSKS  LIKE  this  one 
from  United  are  already  in  use, 
but  their  future  is  in  doubt. 
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BOEING  CEO  CONDIT:  Broadband 
could  increase  aircraft  security. 


is  open  some  doors  to  a  new 
architecture  model.” 

For  starters,  he  said,  reserva¬ 
tion  systems  aren’t  set  up  to 
trigger  an  alarm  if,  for  example, 
a  large  number  of  passengers 
don’t  show  up  for  a  flight  or  if 
a  handful  of  passengers  buy 
last-minute  tickets  at  full  fare. 
They  are  only  inventories,  not 
relational  databases,  and  they 
can’t  do  event-based  functions, 
he  said. 

For  its  part,  IBM  doesn’t 
have  any  specifics  on  how  the 
new  security  guidelines  will 
impact  its  various  contracts 
with  the  airlines.  “We’re  work¬ 
ing  with  our  customers,  [but] 
it’s  hard  to  be  more  specific,” 
said  IBM  spokeswoman  Linda 
Hanson.  “Obviously,  there  is 
some  refocusing.” 

Robert  Denahy,  director  of 
marketing  for  mobile  printing 
at  Zebra  Technologies  Corp.  in 
Vernon  Hills,  Ill.,  said  he  sees  a 
need  to  refocus  his  company’s 
mobile  printing  technology 
that’s  used  for  curbside  check¬ 
in  and  by  roving  agents  to 
check  baggage.  For  now,  De¬ 
nahy  isn’t  sure  if  Zebra’s  label¬ 
ing  technology  will  help  with 
airport  security  or  need  to  be 
retooled  to  support  more  so¬ 
phisticated  security  practices. 

“A  lot  of  these  changes  and  a 
lot  of  these  issues  are  uncer¬ 
tain,”  Denahy  said.  For  exam¬ 
ple,  Zebra’s  mobile  printers 
could  link  baggage  to  passen¬ 
gers  and  their  identification 
with  the  bar-code  technology 
already  in  use.  Zebra  might 
also  have  to  consider  embed¬ 
ding  biometrics  into  the  bar¬ 
code  information  on  baggage 
and  boarding  passes,  he  said.  I 
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Feds  Build  SANs  to  Handle 
Increasing  User  Demands 

Government  agencies  are  forced  to  centralize 

servers  as  they  attempt  to  meet  growing  needs 


BY  LUCAS  MEARIAN 

NGOING  PROJECTS  at  two 
federal  agencies  illustrate 
the  public  and  private 
sectors’  increasing  need 
for  storage-area  networks 
(SAN)  in  response  to  growing  demands 
from  end  users  and  customers  for  ac¬ 
cess  to  information. 

Two  weeks  ago,  the  U.S.  Geological 
Survey  (USGS)  got  an  upgrade  to  the 
SAN  behind  its  Web  site.  The  SAN, 
hosted  by  Microsoft  Corp.  and  known 
as  TerraServer,  had  its  capacity 
bumped  from  12TB  to  18TB  to  better 
serve  an  audience  that  makes  more 
than  5  million  imagery  requests  per  day. 

Each  time  the  site  is  publicized  on 


television  or  in  print,  the  number  of  vis¬ 
itors  skyrockets.  On  top  of  that,  a  new 
Web  site  was  added  to  the  TerraServer 
to  give  federal  agencies  exclusive  use  of 
the  data  to  create  presentations. 

The  USGS’s  Web  site,  which  can  dis¬ 
play  more  than  3  million  satellite  photos 
of  Earth,  is  most  often  used  by  the  gen¬ 
eral  public  and  the  U.S.  Department  of 
Agriculture  for  the  management  of  land 
and  other  natural  resources. 

The  TerraServer  project  is  a  joint 
venture  between  the  federal  govern¬ 
ment  and  various  IT  vendors,  including 
Microsoft,  Compaq  Computer  Corp. 
and  Redmond,  Wash.-based  Advanced 
Digital  Information  Corp:  (ADIC). 

TerraServer  uses  three  Microsoft 


SQL  Server  databases,  four  Compaq 
ProLiant  8500  servers,  one  Compaq  En¬ 
terprise  Storage  Array  12000  and  12 
16-port  SilkWorm  2800  switches  from 
Brocade  Communications  Systems  Inc. 
to  store  aerial  and  satellite  images  of 
Earth  and  to  provide  the  information 
publicly  on  the  Internet. 

When  the  project  first  started  in  1997, 
“we  were  basically  exploring  how  large 
we  could  grow  a  single  server,”  said 
Tom  Barclay,  TerraServer  project  man¬ 
ager  at  Microsoft. 

The  project  grew  from  that  single 
server  into  a  25-ft.-long  computer  with 
eight  racks  of  equipment.  Then  disk  ca¬ 
pacity  topped  out,  and  the  USGS  decid¬ 
ed  that  it  wanted  its  data  to  be  available 
via  the  Web  around  the  clock. 

The  need  for  multiple  servers  in  an 
active  configuration  —  combined  with 
the  ability  to  move  multiple  terabytes 
of  data  from  one  server  to  another  — 
“was  the  motivation  to  move  to  cluster¬ 
ing,”  Barclay  said. 

“On  the  Internet,  predicting  user 
load  becomes  so  much  more  challeng¬ 
ing,”  he  explained.  Anyone  who’s  build¬ 
ing  an  application  “has  to  configure  on 
the  high  side  for  bandwidth,  consider¬ 
ing  you  can  literally  have  every  man, 
woman  and  child  in  the  world  standing 
outside  your  door.” 

In  another  example  of  SAN  technolo¬ 
gy  making  federal  inroads,  the  Federal 
Deposit  Insurance  Corp.  is  in  the  midst 
of  a  two-year  server  consolidation  proj¬ 
ect  aimed  at  pumping  its  data  into  two 
SANs  so  it  can  upgrade  to  Windows 
2000  and  make  information  available  to 
scores  of  field  offices. 

The  FDIC,  the  federal  entity  that  in¬ 
sures  customer  deposits  at  almost 
10,000  U.S.  banks,  was  faced  with  re¬ 
placing  the  hard  drives  in  about  400 
servers  that  it  uses  for  internal  opera¬ 
tions.  It  had  been  adding  servers  to  sup¬ 
port  data-intensive  applications  like 
Microsoft  Exchange. 

“At  the  same  time,  we  were  also  look¬ 
ing  at  budget  considerations.  We  want¬ 
ed  to  consolidate  servers  and  centralize 
them,”  said  Ann-Marie  Haynie,  a  senior 
computer  specialist  at  the  FDIC  in  Ar¬ 
lington,  Va.  “If  we  have  the  servers  cen¬ 
tralized,  we  can  actually  start  clustering 
them  more  efficiently  for  redundancy 
and  fail-over.”  I 


' 

SAS  helped 
Sprint®  improve 
customer  retention 
and  save  a 
million  dollars. 
But  we’ll  let  them 
tell  you  all  about  it. 


Get  the  whole  story  and 
others  at  sas.com/3c 
or  call  us  at  1-800-727-0025. 
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How  It  Works 


The  Microsoft  TerraServer  is  at  the  back  end  of  the  US.  Geological  Survey’s  Web 
site,  which  hosts  more  than  3  million  satellite  photos  of  Earth.  One  of  the  goals  of 
TerraServer  is  to  demonstrate  that  a  highly  available  and  scalable  configuration 
can  be  built  using  commodity  hardware  running  Microsoft  software. 
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FCC  Preserves  Operators’  Spectrum  Rights 


BY  BOB  BREWIN 

The  Federal  Communications 
Commission  has  ruled  that 
companies  such  as  WorldCom 


Inc.  and  Sprint  Corp.,  as  well  as 
educational  institutions  na¬ 
tionwide,  don’t  have  to  give  up 
their  frequency  spectrum  to 


accommodate  new,  high-speed 
mobile  services. 

But  the  FCC  decision,  made 
Sept.  6  but  announced  last 


week,  could  hamstring  the  cel¬ 
lular  telecommunications  in¬ 
dustry’s  search  for  spectrum  in 
the  near  future.  That’s  because 
U.S.  Department  of  Defense 
(DOD)  frequencies,  also  under 
consideration  for  commercial 


HOUT  GETTING  WET. 

ION  WITHOUT  TOUCHING  OUR  TECHNOLOGY. 


every  day.  We've  spent  20  years  developing  technology 
lard  for  storing,  moving  and  using  information.  Four  of  the 
ir  names  on  storage  products  we  build.  Our  worldwide 
interoperability  experts.  And  that  expertise  is  reflected  in 
se  hardware  and  software.  The  more  heterogeneous  your 
lave  to  visit  lsilogicstorage.com  or  to  call  1-888-638*2786. 


third-generation  (3G)  wireless 
use,  are  now  considered  invio¬ 
lable,  given  the  nation’s  cur¬ 
rent  defensive  footing. 

The  cellular  industry  had  a 
sharp  reaction  to  the  FCC  spec¬ 
trum  decision.  Tom  Wheeler, 
president  of  the  Cellular  Tele¬ 
communications  &  Internet 
Association  (CTIA)  in  Wash¬ 
ington,  said  the  decision  “does 
not  help  to  address  the  contin¬ 
uing  need  for  additional  spec¬ 
trum  for  the  most  spectrum- 
contained  carriers.” 

The  FCC  said  in  its  ruling 
that  it  won’t  force  companies 
such  as  Sprint  and  WorldCom, 
which  paid  billions  of  dollars 
for  licenses  in  the  2,500-to- 
2,690-MHz  band,  to  move. 
The  decision  removes  “regu¬ 
latory  uncertainty”  that  had 
stalled  deployment  of  broad¬ 
band  wireless  services  de¬ 
signed  to  bypass  local  tele¬ 
phone  companies,  said  An¬ 
drew  Kreig,  president  of  the 
Washington-based  Wireless 
Communications  Association 
International. 

Last  year,  the  federal  gov¬ 
ernment  also  targeted  for 
potential  3G  uses  the  1,710-to- 
1,850-MHz  band,  which  is  used 
extensively  by  the  DOD,  and 
the  CTIA  has  led  a  fierce  lob¬ 
bying  battle  for  those  frequen¬ 
cies.  Any  chance  of  the  cellu¬ 
lar  industry  gaining  access, 
however,  has  largely  evaporat¬ 
ed  since  the  terrorist  attacks 
on  Sept.  11,  said  analysts  and 
former  DOD  officials. 

“No  one  is  going  to  argue 
about  DOD  needing  that  spec¬ 
trum  today,  and  I  don’t  think 
anyone  wants  to  take  away  that 
spectrum  now,”  said  John 
Hamre,  deputy  defense  secre¬ 
tary  under  the  Clinton  admin¬ 
istration  and  now  president 
and  CEO  of  the  Center  for 
Strategic  and  International 
Studies  in  Washington. 

According  to  Craig  Mathias, 
an  analyst  at  Farpoint  Group  in 
Ashland,  Mass.,  the  ruling  that 
walls  off  the  2,500-to-2,690- 
MHz  band,  combined  with  the 
political  realities  that  will  pre¬ 
vent  any  encroachment  on  the 
DOD’s  l,700-to-l,850-MHz  band, 
means  that  the  cellular  indus¬ 
try  “is  up  the  creek”  in  its 
search  for  new  spectrum  to 
support  3G  services.  8 


NEWSINDUSTRY 

Sun  Raises  Stakes  With 
72-Processor  Server 


Release  improves  position  against  IBM 


BY  LEE  COPELAND 

UN  MICROSYSTEMS 
Inc.  has  added  more 
horsepower  to  its  Ul¬ 
traSPARC  server  line¬ 
up,  a  move  analysts 
said  bolsters  its  dominance  of 
the  Unix  market  and  boosts  the 
company’s  competitive  posi¬ 
tion  against  rival  IBM. 

Sun  launched  its  long-await¬ 
ed  Sun  Fire  15K,  code-named 
Starcat,  last  week.  Unlike  its 
predecessor,  the  64-bit  Ultra¬ 
SPARC  II  E10K  machine,  the 
Sun  Fire  15K  supports  as  many 
as  72  processors  and  18  I/O 
hubs,  company  officials  said. 
By  substituting  those  I/O  hubs 
for  CPUs,  users  can  boost  the 
server’s  processing  power  to 
106  chips. 

The  Sun  Fire  15K  offers  new 
options  to  Sun’s  customer 
base,  said  Steve  Josselyn,  an 
analyst  at  Framingham,  Mass.- 
based  IDC. 


eludes  high-end  Unix  ma¬ 
chines  and  mainframes  and  to¬ 
taled  $12  billion  last  year,  the 
leadership  roles  are  reversed, 
IDC  said.  IBM  holds  36%  of 
that  market,  followed  by  Sun 
with  18%,  Compaq  and  Tokyo- 
based  Fujitsu  Ltd.  with  roughly 
8%  each  and  HP  with  6%. 

The  Sun  Fire  15K  will  be 
available  in  four  configura¬ 
tions,  ranging  from  a  16- 
processor  model,  which  costs 
about  $1.4  million,  to  the  72- 
processor  model,  with  a  price 
tag  of  about  $4  million,  Sun  of¬ 
ficials  said. 

The  new  box,  built  by  Dal¬ 


las-based  Texas  Instruments 
Inc.,  also  sports  900-MHz  cop¬ 
per-based  chips  and  embedded 
memory  controllers. 

Sun’s  Solaris  8  operating  sys¬ 
tem  is  required  for  the  new 
hardware. 

Sun  has  sold  about  5,000  Ul¬ 
traSPARC  II  E10K  machines 
since  March  1997  at  an  average 
price  of  $1  million  each,  said 
Clark  Masters,  vice  president 
and  general  manager  of  enter¬ 
prise  system  products  at  Sun. 

While  Sun  hopes  to  maintain 
that  sales  track  record  with  the 
Sun  Fire  15K,  analysts  cau¬ 
tioned  that  the  high-end  server 
market  has  slowed  down  this 
year. 

“It  has  certainly  become  a 
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New  Liberty  Alliance  Project 
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BRIEFS 


Intel  Names  CTO 

Intel  Corp.  last  week  tapped  Patrick 
Gelsinger  as  its  first  companywide 
chief  technology  officer.  Gelsinger 
will  head  the  company’s  new  Corpo¬ 
rate  Technology  Group  and  will  re¬ 
port  directly  to  Intel  President  and 
CEO  Craig  Barrett.  The  group  will 
provide  research  and  technology 
direction  across  product  lines  and 
create  industry  specifications,  stan¬ 
dards  and  technologies. 


VeriSign  Buying 
llluminet  For  $1.2B 

Digital  trust  services  vendor 
VeriSign  Inc.  in  Mountain  View, 
Calif.,  is  acquiring  Lacey,  Wash.- 
based  llluminet  Holdings  Inc.  in  a 
move  to  expand  its  offerings  beyond 
the  Internet.  VeriSign  said  the  ac¬ 
quisition  will  help  it  offer  digital 
identification,  transaction  security 
and  other  services  to  llluminet’s 
telecommunications  customers. 

Gateway  to  Drop  AMD 
For  Intel  Chips  in  PCs 

Sunnyvale,  Calif.-based  chip  maker 
Advanced  Micro  Devices  Inc.  saw 
things  go  from  bad  to  worse  last 
week.  On  the  same  day  the  compa¬ 
ny  announced  it  would  lay  off  2,300 
employees,  PC  vendor  Gateway  Inc. 
in  San  Diego  said  that  once  its  cur¬ 
rent  stock  of  AMD-based  PCs  is  de¬ 
pleted,  the  company  will  standard¬ 
ize  on  Intel  processors. 


Short  Takes 

CISCO  SYSTEMS  INC.  and  San  Ma¬ 
teo,  Calif.-based  E.PIPHANY  INC. 
said  they're  bundling  a  variety  of 
their  software  products  in  an  effort 
to  make  customer  contact  centers 
smarter _ SAP  AG  said  it’s  creat¬ 

ing  a  unit  to  meet  the  consulting 
needs  of  multinational  customers. 

. . .  SGI  JAPAN  LTD.,  the  Japanese 
unit  of  SILICON  GRAPHICS  INC., 
signed  an  agreement  with  NEC 
CORP.  that  calls  for  more  coopera¬ 
tion  and  a  future  capital  tie-up  be¬ 
tween  the  companies. 


“Customers  had  been  wait¬ 
ing  for  quite  some  time  for  the 
UltraSPARC  III  chip,  and  this 
is  the  delivery  of  that.  Having 
72  processors  gives  them  addi¬ 
tional  headroom,”  he  said. 

Ed  Broderick,  an  analyst  at 
Robert  Frances  Group  Inc.  in 
Westport,  Conn.,  said  the  serv¬ 
er  will  also  help  Sun  compete 
for  non-Unix  customers,  such 
as  those  with  IBM’s  RS/6000 
midrange  servers  and  s390 
mainframes. 

“Sun  is  taking  dead  aim  at 
IBM,”  Broderick  said.  “This  is  a 
case  of  Sun  getting  more  so¬ 
phisticated  in  its  capabilities 
and  maturing,  and  Sun  is  com¬ 
ing  on  like  gangbusters.” 

The  worldwide  Unix  server 
market  reached  $29  billion  last 
year,  according  to  IDC.  Sun  led 
the  pack  with  a  35%  market 
share,  followed  by  Hewlett- 
Packard  Co.  with  23%,  IBM 
with  18%  and  Compaq  Com¬ 
puter  Corp.  with  8% 

But  in  the  worldwide  high- 
end  server  market,  which  in- 


Passport  ID  system 
might  operate  with 
open  technology 


BY  ASHLEE VANCE 

Microsoft  Corp.  will  consider 
joining  a  newly  formed  coali¬ 
tion  working  on  digital  identity 
technology  similar  to  its  Pass¬ 
port  system  if  coalition  ven¬ 
dors,  including  rival  Sun  Mi¬ 
crosystems  Inc.,  show  a  com¬ 
mitment  to  keeping  the  identi¬ 
ty  platform  open,  said  a  Micro¬ 
soft  official  last  week. 

Sun  and  about  30  other  com¬ 
panies  launched  the  Liberty 
Alliance  Project  on  Sept.  26, 
hoping  to  lay  the  foundation 
for  a  new  type  of  authentica¬ 
tion  system  that  would  allow 
user  information,  such  as  cred¬ 
it  card  numbers,  to  travel  se¬ 
curely  between  Web  sites.  The 
system  would  be  similar  to  Mi¬ 
crosoft’s  Passport  technology, 
saving  users  time  by  asking 
them  to  fill  out  name  or  credit 


card  fields  on  a  Web  site  once 
and  then  having  that  informa¬ 
tion  pop  up  automatically  on 
other  sites  that  support  the 
technology. 

One  of  the  differences  be¬ 
tween  Microsoft’s  system  and 
that  of  the  Liberty  Alliance  is 
where  end  users’  information 
would  be  stored.  The  alliance 
members  would  each  store  a 
user’s  information  on  their 
own  servers,  with  the  informa¬ 
tion  passing  from  vendor  to 
vendor  when  the  user  moves 
to  a  new  site.  Microsoft,  by 
contrast,  stores  all  Passport  in¬ 
formation  only  on  its  servers. 
However,  Microsoft  said  last 
week  it  would  consider  letting 
a  third  party  manage  the  data. 

Sun  and  others  in  the  coali¬ 
tion  suggested  that  Microsoft 
could  become  part  of  the  al¬ 
liance,  making  Passport  a  sub¬ 
set  of  a  digital  identity  stan¬ 
dard  —  an  idea  that  Microsoft 
hasn’t  dismissed  and  that 
could  prevent  conflicts  be¬ 
tween  the  two  systems. 
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AT  A  GLANCE 


Starcat 
Powers  Up 

The  Sun  Fire  15K  includes  the 
following  features: 

■  72-processor  configuration  and 
18 1/0  hubs 

■  106-processor  capacity,  if  additional 
CPUs  get  substituted  for  1/0  channels 

■  900-MHz  copper-based  chips  and 
embedded  memory  controllers 

■  $14  million  starting  price  for  16-proces- 
sor  configuration 

■  $4  million  price  tag  for  72-processor 
configuration 

buyer’s  market  for  any  high- 
end  system,”  said  Brian 
Richardson,  an  analyst  at  Meta 
Group  Inc.  in  Stamford,  Conn. 
“Last  year  and  in  1999,  it  was 
still  a  seller’s  market  because 
of  Y2k-driven  Web-enabling  of 
legacy  applications.  IT  budgets 
are  tighter  this  year.”  I 


“If  they  are  sincere  [about  an 
open  platform],  there’s  proba¬ 
bly  an  opportunity  for  us  to 
work  together  here,”  said  Chris 
Payne,  vice  president  of  mar¬ 
keting  for  the  services  plat¬ 
form  group  at  Microsoft.  “I 
don’t  see  it  as  a  competitive  an¬ 
nouncement.” 

Sun  and  its  partners  seem 
amenable  to  having  Microsoft 
and  New  York-based  AOL 
Time  Warner  Inc.  work  togeth¬ 
er  on  the  technology.  Execu¬ 
tives  from  Sun,  RealNetworks 
Inc.  and  Bank  of  America 
Corp.  extended  their  invitation 
publicly  to  Microsoft  and  AOL 
Time  Warner  when  the  al¬ 
liance  was  launched. 

Microsoft  had  already  taken 
a  more  open  stance  with  Pass¬ 
port,  saying  it  would  work  to 
make  its  system  interoperate 
with  competing  technology 
more  easily. 

Such  openness  could  benefit 
users  and  vendors  alike. 

“I  think  more  and  more  peo¬ 
ple  are  now  realizing  that  a 
unified  user  identity  system  is 
very  useful,”  said  Dana  Gard¬ 
ner,  an  analyst  at  Aberdeen 
Group  Inc.  in  Boston.  I 


Vance  writes  for  the  IDG  News 
Service. 
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PATRICIA  KEEFE 

IT  in  the  Crossfire 


THE  SUMMER  after  the  U.S.  bombed  Libya,  I  flew  into  France 
on  business  in  a  nearly  empty  plane  and  landed  in  laid-back 
Nice,  where  customs  was  nonexistent.  It  was  a  different  sto¬ 
ry  flying  out  of  Paris.  Soldiers  with  machine  guns  were 


everywhere,  check-in  was  time-con¬ 
suming,  suitcases  were  opened,  elec¬ 
tronics  were  turned  on,  and  random 
checks  were  frequent.  In  the  packed 
terminal  waiting  area,  Arab  passen¬ 
gers  were  viewed  with  suspicion.  A 
woman  sitting  behind  me  played  a 
chilling  game  with  her  son:  “You  tell 
me  who  you  think  the  terrorists  are, 
and  I’ll  tell  you  who  I  think  they  are.” 

On  another  business  trip  —  this 
time  to  British  Telecom  in  London  — 
we  were  subjected  to  metal  and  gun¬ 
powder  searches  every  time  we  en¬ 
tered  the  BT  building,  even  though  we 
had  been  invited.  Flying  out  of  Heathrow  was 
more  of  the  same,  only  this  time,  I  became  the 
subject  of  random  checks  —  so  frequent  I 
stopped  putting  my  passport  and  ticket  away. 

Now,  as  we  gingerly  begin  to  rebook  travel,  we 
all  know  the  process  of  traveling  is  going  to 
change  in  a  big  way.  Much  of  this  is  good  —  air¬ 
line  security  in  this  country  is  a  joke. 

But  recent  moves  by  law  enforcement  to  gain 
unfettered  access  to  data  that  is  created,  collected 


and  stored  electronically  should  wor¬ 
ry  you.  Whether  it’s  wiretapping, 
transaction  or  credit  histories,  e-mail 
logs  or  tracking  clicks,  IT  is  at  the 
center  of  this  debate.  Remember  the 
ethical  debates  over  the  e-mail  police? 
Or  the  hue  and  cry  that  arise  over  any 
attempt  to  sell  customer  data  collect¬ 
ed  under  the  promise  of  privacy? 

If  some  policymakers  have  their 
way,  anyone  charged  with  collecting, 
storing  or  mining  data  or  with  admin¬ 
istration  of  e-mail  lists  and  customer 
demographics  could  be  asked  to  pro¬ 
duce  that  information  at  any  time.  And 
that’s  the  scary  part,  because  America  is  what  it  is, 
and  we  are  who  we  are,  precisely  because  of  our 
openness  and  many  freedoms.  If  we  trample  civil 
liberties  into  the  ground,  then  terrorism  wins. 

This  isn’t  a  time  to  lose  our  heads;  it’s  a  time 
for  reasoned  discussion.  Whether  you  find  your¬ 
self  on  a  development  team  creating  the  technical 
means  or  on  the  front  end,  controlling  access  to 
the  data,  speak  up:  You  can  help  shape  this  policy. 
It’s  now  or  never.  I 


PATRICIA  KEEFE  is  news 
director  at  Computer- 
world.  You  can  contact 
her  at  patricia.keefe® 
computerworld.com. 


PIMM  FOX 

Get  Serious  About 
Getting  Prepared 

MENTION  San  Francisco,  and 

people  think  earthquakes.  They 
ask  what  we  do  to  prepare  for 
life  on  a  fault  line.  Unfortunately,  the  an¬ 
swer  is,  “Not  much.” 

In  10  years,  San  Francisco  has  never  had  a  city¬ 
wide  emergency  drill,  nor  a  corporate  exercise  for 
large-scale  disasters,  either  for  people,  IT  opera¬ 
tions  or  communications. 

This  has  to  change. 

Many  firms  don’t  have 
fire  hoods,  flashlights  or 
light  sticks  as  part  of  their 
standard  emergency  kits. 

Some  don’t  have  floor  war¬ 
dens  trained  in  emergency 
procedures. 

Of  course,  obvious  plans 
for  IT  involve  backup  of 
critical  data  off-site. 

“A  large  number  of  busi¬ 
nesses  at  the  World  Trade 
Center  didn’t  have  off-site  storage  of  critical  busi¬ 
ness  data,”  says  Neil  Livingstone,  chairman  and 
CEO  of  GlobalOptions  LLC,  a  risk-management 
firm  in  Washington. 

“You  have  to  have  appropriate  data  storage,  and 
that  means  not  having  it  in  the  same  building,” 
Livingstone  says.  Even  companies  with  sophisti¬ 
cated  backup  systems  didn’t  operate  them  on  a 
nightly  basis.  “The  Securities  and  Exchange  Com¬ 
mission  is  confronting  a  situation  in  which  some 
paper  material  had  yet  to  be  backed  up,”  he  says. 

Similar  to  the  paper  strewn  all  over  the  blast 
site  in  Manhattan,  electrons  from  transactions 
taking  place  at  the  time  of  a  disaster  —  bank 
transfers  en  route  —  would  be  wiped  out,  unless 
the  operations  had  built-in  redundancy. 

Another  area  for  IT  preparedness  concerns  lap¬ 
tops.  Knowing  what’s  on  laptops  that  get  lost, 
stolen  or  destroyed  is  critical  to  reconstructing 
IT  infrastructure.  Many  people  keep  information 
without  a  backup  to  a  secure  (and  redundant) 
server.  Backups  to  Orb  or  Zip  drives  don’t  count. 

On  a  strategic  level,  companies  need  a  crisis- 
management  plan  that  doesn’t  sit  on  the  shelf. 
This  plan  should  outline  the  duties  and  responsi¬ 
bilities  of  employees,  especially  senior  manage¬ 
ment.  It  delineates  who  talks  to  the  press,  who 
talks  to  customers  and  who  is  tasked  with  IT  and 
human  resources  responsibilities  and  lists  key 
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telephone  numbers  of  emergency  personnel. 

“A  plan  not  tested  is  worse  than  useless,”  says 
Livingstone.  “It  has  to  be  tested  to  identify  defi¬ 
ciencies,  and  senior  management  needs  to  take  it 
seriously.” 

Even  companies  with  IT  operations  in  so-called 
safe  havens  will  still  do  business  where  a  disaster 
can  strike  and  need  to  have  recovery  plans  for  the 
unsafe  world  around  them. 

With  U.S.  military  retaliation  an  ongoing  op¬ 
tion,  additional  terrorist  action  is  likely.  Execu¬ 
tives  who  hesitate  to  prepare  should  ask,  “What’s 
the  cost  of  losing  the  business?” 

We’re  all  on  a  fault  line  now.  ► 

THORNTON  MAY 

Info  Security 
Teachers’  Need 
More  Learning 

A  LONGTIME  editor  of  Scientific 
American  recalls  meeting  a  fa¬ 
mous  movie  critic.  After  intro¬ 
ducing  themselves,  the  movie  critic  said 
she  knew  “absolutely  nothing”  about  sci¬ 
ence.  The  editor  responded,  “Whatever  became 
of  the  idea  that  an  educated  person  is  supposed  to 
know  a  little  something  about  everything?” 

It  has  become  common  knowledge  that  all 
stakeholders  in  the  enterprise  should  “know  a  lit¬ 
tle  something”  about  information  security  and 
privacy.  The  first  two  questions  toward  making 
our  systems  secure  are,  “How  much  do  executives 
really  need  to  know?”  and,  “How  many  companies 

have  developed  a  ‘curricu¬ 
lum’  detailing  what  specif¬ 
ic  business  leaders,  in  spe¬ 
cific  business  roles,  need 
to  know?”  In  conjunction 
with  scholars  at  Arizona 
State  University’s  College 
of  Business,  Guardent  re¬ 
cently  conducted  a  survey 
of  120  top-level  executives. 
It  turns  out  that  less  than 
10%  have  or  manage  a  se¬ 
curity  or  privacy  curricu¬ 
lum  geared  toward  differ¬ 
ent  information-handling 
responsibilities. 

Security  professionals  insist  that  better  educa¬ 
tion  of  business  executives  is  needed.  They’re 
right,  but  while  they  think  they  should  be  the 
teachers,  they  really  should  be  the  students  first. 
At  first  glance,  writing  down  what  must  be 
known  about  security  and  privacy  and  who  needs 
to  know  it  appears  to  be  pretty  basic.  But  security 
and  privacy  professionals  appear  unable  to  put 
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the  security  and  privacy  to-dos  in  the  proper  con¬ 
text  for  people  who  manage  sensitive  informa¬ 
tion.  Why?  Security  people  have  never  been 
known  to  distinguish  themselves  with  dazzling 
feats  of  writing.  Dostoevski  and  Tolstoy  were 
pithy  compared  with  contemporary  security  and 
privacy  policy  writers.  So,  the  first  lesson  at  secu¬ 
rity  school  should  be  basic  writing  skills. 

Then  there’s  the  “bedside  manner”  of  security 
and  privacy  professionals.  They  tend  to  be  very 
good  at  telling  us  what’s  wrong  and  what’s  bro¬ 
ken,  but  most  of  them  are  mute  when  it  comes  to 
actually  fixing  the  problem.  Lesson  two  at  securi¬ 
ty  school:  how  to  play  constructively  with  others. 
Security  experts  have  to  stop  being  judge/jury/ 
cop  and  start  being  therapist/counselor/creative 
problem-solver. 

Most  security  professionals  would  benefit  from 
a  bit  of  advice  from  journalists  in  the  do’s  and 
don’ts  of  telling  a  good  story.  Executives  of  the  fu¬ 
ture  won’t  tolerate  messages  that  aren’t  highly 
relevant  to  them  and  will  filter  them  out.  So,  les¬ 
son  three  is  storytelling. 

Assuming  that  the  security  curriculum  has 


been  created  and  taught,  the  third  question  be¬ 
comes,  “Has  the  organization  tested  various  audi¬ 
ences  against  that  curriculum?”  Again,  we  find 
that  less  than  10%  do  so. 

The  all-important  final  exam  question  is,  “When 
executives  know  what  they  need  to  know,  does 
that  knowledge  change  their  behavior?”  We  asked 
the  120  executives,  “Do  you  think  it  will  be  best  for 
the  future  of  your  company  if  senior  executives 
like  you  played  a  more  active  role  in  designing  and 
implementing  information  security  and  privacy 
programs?”  Ninety-one  percent  answered  yes. 

Three  months  later,  we  returned  to  that  91% 
and  asked,  “Have  you  become  more  active  in  de¬ 
signing  and  implementing  information  security 
and  privacy  programs?”  Ninety-five  percent  said 
no.  Executives  endorse  the  theory  and  concept  of 
security  and  privacy,  but  they  don’t  walk  the  walk. 

What  this  tells  us  is  that  most  companies’  infor¬ 
mation  security  organizations  wouldn’t  receive 
passing  grades  in  trying  to  upgrade  enterprise 
awareness  of  what  each  employee  needs  to  know 
and  do  to  render  their  systems  and  the  data 
housed  in  them  secure.  I 
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Some  Travel  Needed 

For  intracompany 
meetings  where  a 
structured  relation¬ 
ship  exists  for  responsi¬ 
bilities,  videoconferenc¬ 
ing  works  fine  [“Avoiding 
Travel,  Users  Turn  to 
Communications  Tech¬ 
nology,”  Computer- 
world.com.  Sept.  24].  But 
for  sales  and  new  project 
implementations,  the 
processes  of  interview¬ 
ing,  training  and  start-up 
will  work  only  when  you 
are  face-to-face  with  the 
customer. 

James  A.  Kirkland 
Project  consulting  engineer 
Spirent  Systems 
San  Diego 

Jim.Kirkland@Spirent.Systems 


ECURITY  CANNOT 
be  had  without 
privacy  [“Informa¬ 
tion  Security  Will  Be 
Key  With  Lawmakers,” 
News,  Sept.  17].  If  citi¬ 
zens  and  corporations 
aren’t  allowed  to  choose 
and  control  what  infor¬ 
mation  is  visible  and  to 


whom,  including  choos¬ 
ing  what  is  and  is  not 
visible  to  the  govern¬ 
ment,  then  none  of  us  is 
secure. 

Why  on  earth  would 
we  believe  that  it’s  al¬ 
ways  safe  for  govern¬ 
ment  officials  to  be  able 
to  snoop  in  every  single 
aspect  of  our  lives?  Why 
would  we  assume  people 
are  guilty  until  proven 
innocent  if  they  simply 
wish  to  control  their 
own  extended  informa¬ 
tion  shadow?  I  beg  of  or¬ 
ganizations  like  the  As¬ 
sociation  for  Computing 
Machinery  that  they  rec¬ 
ognize  the  incredible 
threat  of  total  govern¬ 
ment  surveillance  and 
speak  against  it. 
Samantha  Atkins 
San  Jose 


Just-in-TIme  Layoffs? 

You  would  have 
to  be  pretty  naive 
to  believe  that 
Boeing  is  laying  off 
30,000  workers  as  a  re¬ 
sult  of  the  terrorist 
strikes  on  Sept.  11  [“Boe¬ 
ing  to  Lay  Off  up  to 


30,000  Workers,”  Com- 
puterworld.com,  Sept. 

19].  The  buying  cycle  on 
airplanes  is  quite 
lengthy,  and  a  slowdown 
in  Boeing’s  commercial 
plane  operations  has 
been  coming  for  months. 
It’s  frustrating  to  see  so 
many  laid  off,  but  don’t 
give  the  terrorists  so 
much  credit. 

Ryder  Todd  Smith 
Irvine.  Calif. 
rydersmith@home.com 


Nimda  Cure  Too  Strong 

IN  THE  sept.  24  article 
“Nimda  Needs  Harsh 
Disinfectant”  [Page 
One],  you  state  that  the 
CERT  Coordination 
Center  and  the  SANS  In¬ 
stitute  both  recommend 
that  “until  more  sophisti¬ 
cated  fixes  become  avail¬ 
able,  the  only  sure 
course  is  to  disconnect 
all  infected  systems  from 
the  network,  reformat 
their  hard  drives,  re¬ 
install  all  the  software 
from  a  secure  source  and 
apply  the  appropriate  se¬ 
curity  patches.”  This  is 
not  a  correct  statement. 


There  are  several  pro¬ 
grams  available  that  au¬ 
tomatically  clean  and  re¬ 
move  the  virus  from  the 
infected  server  or  work¬ 
station  without  having  to 
reformat  the  hard  drives 
and  reinstall  all  software. 
Check  out  the  following 
link  from  Trend  Micro: 
www.antivirus.com/ 
vinfo/virusencyclo/ 
default5.asp?VName= 
PE_NIMDA.A. 

Brian  Smith 
Network  administrator 
Eruces  Inc. 

Lenexa,  Kan. 
bsmith@eruces.com 

COMPUTERWORLD  welcomes 
comments  from  its  readers. 
Letters  will  be  edited  for  brevity 
and  clarity.  They  should  be  ad¬ 
dressed  to  Jamie  Eckle,  letters 
editor,  Computerworld,  P0  Box 
9171, 500  Old  Connecticut  Path, 
Framingham,  Mass.  01701. 

Fax:  (508)  879-4843.  Internet: 
letters@computerworld.com. 
Include  an  address  and  phone 
number  for  immediate  verification. 
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Stretching  the  limits  of  your  data  storage  systems? 


eds.com 


EMC2 


PROVEN 


E-Infostructure' 


EDS  Intelligent  Storage  Services,  with  the  burstable  capacity  of  Liquid  Storage™,  can  tame  your  most  volatile  e-business 
flows  with  confidence,  without  bursting  limited  capital  budgets.  Intelligent  Storage  Services,  offered  by  EDS  and 
other  service  providers  digitally  powered  by  EDS,  gives  you  the  storage  capacity  you  need,  when  you  need  it. 
Call  us  at  888-889-1392,  or  visit  us  online  at  eds.com/storage,  before  your  current  system  leaves  you  all  wet. 
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HOME  IMPROVEMENT 

When  Jean  Holley  joined  USG  as 
its  first  CIO  three  years  ago,  she 
was  charged  with  reconstructing  a 
legacy-bound  IT  infrastructure, 
updating  an  IT  staff  that  had  19708- 
era  skills  and  forging  a  closer  part¬ 
nership  with  untrusting  business 
units.  PAGE  24 


THE  DOT-COMEBACKS 

Many  IT  managers,  like  Longaberg- 
er  CIO  Cynthia  Hilliard  (above), 
are  rehiring  staffers  previously  lost 
to  dot-coms  and  trying  to  establish 
the  kind  of  perks  that  lured  them 
away  in  the  first  place.  PAGE  28 


SPEEDING  DELIVERY 

Ford  and  UPS  are  six  months  ahead 
of  schedule  in  achieving  productiv¬ 
ity  gains  from  a  system  that’s  de¬ 
signed  to  make  car  and  truck  deliv¬ 
eries  faster  and  more  predictable. 
PAGE  30 


The  IT  workplace  is  experiencing 
tremendous  change  in  the  wake  of 
dot-com  mania  —  including  more 
casual  work  environments  and  a 
trend  toward  telecommuting  — 
but  not  all  IT  managers  or  staffing 
experts  think  those  changes  are  for 
the  better.  PAGE  34 


PAUL  A.  STRASSMANN 

Secure  the  Internet 

HOW  WILL  LAST  MONTH’S  TERRORIST  ATTACKS  affect  cor¬ 
porate  IT?  Hijacking  and  crashing  four  jetliners  was  only  one 
move  in  a  concerted  campaign  to  disrupt  global  commerce, 
damage  U.S.  economic  interests,  erode  U.S.  power  and  foment 
distrust  in  the  conduct  of  international  business.  Given  those 
objectives,  I’m  quite  sure  that  high  on  terrorists’  checklists  is  a  plan  to 
wreck  the  Internet.  If  they  can  stop  Internet  traffic  for  a  day  or  two,  the  ef¬ 
fect  on  business,  and  particularly  on  the  future  of  IT,  would  be  devastating. 


Current  configuration  and  management  practices 
for  securing  the  Internet  are  roughly  comparable  to 
what  has  so  far  passed  for  airport  security  measures. 
Communications  protocols  were  designed  for  coop¬ 
erative  ease  of  use,  not  security. 

The  software  that  runs  the  servers  possesses 
known  security  holes  through  which  increasingly 
virulent  attacks  are  launched  every  day.  The  soft¬ 
ware  that  operates  our  desktops  has  been  designed 
for  convenience  and  is  readily  exploited  by  available 
attack  tools.  A  large  portion  of  more  than  100  mil¬ 
lion  powerful  PCs  and  more  than  10  million  servers 
can,  in  an  instant,  be  commandeered  to  serve  as  en¬ 
gines  that  amplify  anything  terrorists  launch,  guar¬ 
anteeing  their  anonymity  and  becoming  weapons  of 
mass  corruption  of  Internet  services.  Thus,  an  IT 
network  that’s  negligently  managed  and  known  to 
be  insecure  becomes  part  of  the  terrorist’s  arsenal  in 
information  warfare. 

All  IT  assets  in  the  U.S.  should  now  be  seen  as  op¬ 
erating  in  a  war  zone. 

What  could  we  see  in  this  war  zone?  The  most 
probable  scenario  is  an  attempt  to  col¬ 
lapse  the  Internet  through  a  massive  de- 
nial-of-service  attack.  One  can  begin  when 
malicious  code  is  implanted  in  unprotect¬ 
ed  computers  or  when  the  attacking  code 
sneaks  past  defenses  unrecognized.  The 
infected  host  is  then  induced  to  pass  the 
attack  package  to  others.  Damage  is  in¬ 
flicted  by  all  compromised  computers, 
which  become  generators  of  a  huge  vol¬ 
ume  of  messages  and  make  all  other  sys¬ 
tems  inaccessible  by  overloading  net¬ 
works  with  useless  traffic  so  that  legiti¬ 
mate  users  can’t  access  Internet  resources. 

When  that  happens,  operators  must  dis¬ 
connect  the  infected  devices,  and  often, 
they  must  also  reformat  their  drives  and 
reinstall  all  software  from  a  secure  source. 


That  would  fit  a  terrorist’s  idea  of  a  perfect  crime. 
Just  like  the  attack  on  the  World  Trade  Center,  the 
target  contributes  to  the  spread  of  damages.  The  re¬ 
covery  processes  magnify  the  victims’  suffering. 
Meanwhile,  an  affected  information  system  remains 
inoperable,  and  the  personnel  who  depend  on  it  are 
unable  to  work.  Even  if  an  attack  fails,  the  terrorist 
wins  because  he  can  learn  from  each  failure.  Attacks 
are  cheap  and  almost  impossible  to  prevent,  and 
damages  can  be  enormous.  That’s  why  defending  the 
Internet’s  integrity  should  be  a  public  priority. 

The  Internet’s  current  vulnerability  is  largely  the 
result  of  gaping  holes  in  the  design  of  operating  sys¬ 
tems  that  power  servers.  Vendors  will  offer  “patches” 
to  plaster  over  known  cracks  but  will  never  fix  the 
systems’  architectures.  That’s  why  you  receive  one 
patch  after  another,  each  covering  yet  another  variant 
of  the  same  vulnerability.  When  you’re  operating  in  a 
war  zone,  you  can’t  tolerate  such  conduct,  because 
you  could  unwittingly  become  an  accomplice  to 
cyberterrorism.  The  solution  lies  in  mandating  gov¬ 
ernment  testing,  certification  and  standards,  just  as 

prescription  drugs,  automobiles  and  build¬ 
ings  are  regulated  to  assure  public  safety. 

The  Net’s  vulnerability  is  the  product  of 
sloppy  IT  practices.  Today,  even  driving  a 
car  or  operating  a  bulldozer  requires  for¬ 
mal  training,  an  examination,  certification 
and  adherence  to  codes.  IT,  which  has  be¬ 
come  the  lifeblood  of  America  in  the  past 
30  years,  leaves  network  operations  to  in¬ 
dividuals  who  have  no  legal  accountabili¬ 
ty.  In  the  information  war  zone,  you  can’t 
tolerate  such  leniency. 

The  freewheeling,  undisciplined  days  of 
network  management  practices  are  over. 

If  your  organization  is  connected  to  the 
Internet,  IT  must  assume  the  added  re¬ 
sponsibility  of  blocking  access  by  infor¬ 
mation  terrorists.  I 


PAUL  A.  STRASSMANN 
(paul@strassmann.com) . 

former  director  of 
defense  information  at 
the  Pentagon,  has  been 
lecturing  on  information 
warfare  at  the 
National  Defense 
University  since  1994. 
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As  the  first  CIO  at  USG,  a  100- 
year-old  construction  materials 
company,  Jean  Holley  had  to 
pour  a  new  IT  foundation. 

By  Kathleen  Melymuka 


WHEN  JEAN  HOLLEY 

walked  into  USG 
Corp.  in  1998,  it  was  a 
little  like  The  Land 
That  Time  Forgot.  As 
the  first  CIO  in  the 
100-year  history  of 
the  Chicago-based 
building  materials 

company,  she  had  to  deal  with  a  1970s 
IT  infrastructure,  a  mainframe-orient¬ 
ed  technology  staff  and  a  limiting  ser¬ 
vice-oriented  relationship  with  the 
business  units.  At  USG,  IT  was  viewed 
as  an  administrative  function  at  best 
and  as  an  obstacle  to  progress  at  worst. 

Holley,  the  company’s  first  female 
officer  and  an  outside  hire  in  an  orga¬ 
nization  that  nearly  always  promoted 
from  within,  was  given  a  mandate  by 
Chairman  and  CEO  William  C.  Foote 
to  “shake  things  up.”  Three  years  later, 
it’s  evident  she’s  done  just  that. 

“We  really  had  a  need  to  bring  in 
someone  to  elevate  the  profile  of  the 
IT  function  and  to  make  it  more  strate¬ 
gically  relevant,”  says  Ed  Bosowski,  se¬ 
nior  vice  president  for  marketing  and 
corporate  strategy  and  Holley’s  boss. 

When  Holley  arrived  from  Houston- 
based  Waste  Management  Inc.,  where 
she  had  served  as  IT  director,  she 
found  a  culture  that  was  resistant  to 


change.  “If  you  started  to  work  here, 
you  could  pretty  much  retire  or  die 
here,”  says  Tom  Maurice,  manager  of 
IT  for  standards  and  technology  and  a 
22-year  USG  veteran.  “People  would 
say,  ‘We’ve  done  it  this  way  for  20 
years,  and  that’s  how  we  do  it.’  ” 

Holley  wanted  to  transform  the  im¬ 
age  of  IT  among  corporate  brass  as 
well  as  on  the  plant  floor.  “For  our  se¬ 
nior  executives,  all  the  technical  stuff 
is  kind  of  icky,”  says  Mary  Higley,  an 
IT  director  who  was  in  charge  of  Y2k 
preparation  when  Holley  arrived. 

But  one  of  her  biggest  challenges 
was  to  erase  years  of  mistrust  between 


AT  A  GLANCE 


USG  Corp. 

HEADQUARTERS:  Chicago 

CHARTER:  Manufacturer  and 
distributor  of  building  materials, 
including  Sheetrock-brand  drywall 

REVENUE:  $3.8  billion 

EMPLOYEES:  13,000 

IT  EMPLOYEES:  More  than  150 

Note:  In  June,  US3  filed  for  Chapter  11 
protection  from  asbestos  lawsuits. 


the  businesses  units  and  IT.  “IT  used 
to  be  difficult  to  work  with,”  says  Tra¬ 
cy  Edwards,  director  of  internal  audit. 
“There  were  a  lot  of  roadblocks  and 
red  tape  and  not  a  lot  of  cooperation.” 

As  a  result,  end  users  in  the  1980s 
began  implementing  their  own  tech¬ 
nologies,  and  “rogue”  IT  organizations 
began  to  evolve  within  the  business 
units,  recalls  John  Reale,  who  was  then 
part  of  such  a  group  in  the  firm’s  sales 
and  marketing  department.  These 
kinds  of  IT  rebel  factions  were  com¬ 
mon  among  many  companies  in  the 
early  days  of  the  PC,  but  while  most  IT 
organizations  eventually  reabsorbed 
the  renegades  by  evolving  to  PC-based 
systems,  USG  never  did. 

Fixer-Upper 

Holley  inherited  about  100  corporate 
IT  employees  who  had  worked  under 
IT  director  Bill  Duran.  But  in  addition, 
there  were  unknown  numbers  of  rogue 
IT  workers  and  network  managers  in 
the  50  plants,  which  operated  indepen¬ 
dently  of  corporate  IT.  Before  Holley 
arrived,  there  were  virtually  no  stan¬ 
dards  in  place  outside  the  mainframe 
environment. 

The  staff  she  inherited  was  led  by 
seven  male  managers,  all  with  comput¬ 
er  science  backgrounds  and  10  to  25 
years  with  the  company.  “You  look  at 
that  and  wonder  how  many  fresh  ideas 
or  different  opinions  you  have,”  Holley 
says.  “We  had  a  lot  of  great  people  that 
were  all  the  same.” 

She  started  by  revamping  her  man¬ 
agement  team.  Duran,  a  28-year  USG 
veteran,  was  joined  as  IT  director  by 
Michelle  Cassin,  whom  Holley  had 
known  at  Waste  Management  and  val¬ 
ued  for  her  customer-centric  perspec¬ 
tive.  Cassin  took  over  computer  ser¬ 
vices,  help  desk  and  support. 
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Lisa  Vrablik,  also  from  Waste  Man¬ 
agement,  was  drafted  for  her  enter¬ 
prise  applications  savvy.  Higley,  with 
20  years  of  experience  in  USG  finance, 
auditing,  strategy  and  Y2k,  was  tapped 
as  chief  strategist.  Reale,  with  sales, 
customer  service,  plant  operations  and 
rogue  IT  expertise,  was  brought  over 
to  take  on  customer-based  applica¬ 
tions.  “This  is  a  very  different  team 
from  three  years  ago,  when  they  all 
looked  like  Bill,”  Holley  says. 

Holley  made  communications  Rule 
1,  Vrablik  says.  “So  often,  people  are 
quiet  at  a  meeting  and  then  they  go 


How  Did 
She  Do  It? 

Listed  below  are  some  of  Jean  Holley’s 
accomplishments  in  attempting  to 
change  the  corporate  culture  toward  IT 

GAINING  CORPORATE  BUY-IN: 

1.  Established  the  CIO  as  a 
strategic  corporate  player 

2.  Involved  senior  executives  in 
IT  decision-making 

3.  Forged  partnerships  with 
senior  business  managers 


ESTABLISHING  IT  BUY-IN 

1.  Diversified  IT  management 
team’s  personnel  and  outlook 

2.  Brought  rogue  IT  units  under 
corporate  umbrella 

3.  Developed  metrics  and  clear 
career  paths  for  IT  ranks 
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have  conversations  over  the  water 
cooler  and  you  find  out  what  they  real¬ 
ly  think,  and  then  you  have  another 
meeting.  We  don’t  do  that  in  IT.  We 
don’t  hold  back  at  all,”  she  says. 

For  example,  at  one  of  Reale’s  first 
meetings  with  the  group,  he  made  the 
mistake  of  saying,  “I’ll  discuss  it  with 
Jean  later.”  Holley  recalls  that  Cassin 
responded,  “Oh,  no,  John,  we  don’t 
have  a  meeting  after  a  meeting.  Bring  it 
up  now!” 

Holley  also  takes  the  whole  team  to 
conferences  or  visits  to  major  vendors 
to  gain  outside  perspectives.  “She 


forces  us  to  go  out  and  work  with  peo¬ 
ple  in  other  companies,”  says  Duran. 
“When  you’ve  been  focusing  on  cost 
for  so  many  years,  that’s  a  hard  turn, 
but  I  find  it  very  refreshing.” 

One  of  Holley’s  goals  was  to  empow¬ 
er  the  team  to  act  independently.  She 
realized  she  had  succeeded  when  the 
directors  began  meeting  without  her. 
“They  invite  me  for  my  [input],  and 
then  they  kick  me  out,”  she  says. 

Holley  also  revamped  the  IT  rank 
and  file  from  a  hodgepodge  of  80  job 
descriptions  to  three  career  tracks  for 
technicians,  managers  and  business 


analysts  —  a  new  concept  at  USG. 

Perhaps  the  most  surprising  thing 
she  did  was  allowing  the  IT  renegades 
to  continue  to  report  to  the  business 
units.  “Especially  in  a  manufacturing 
environment,  managers  would  hate 
you  if  you  yanked  out  their  IT  people,” 
she  explains.  Instead,  she  got  to  know 
the  business  unit  leaders  and  brought 
their  people  into  her  communications 
loop  with  no  strings  attached.  “You  get 
to  know  these  people,  you  share  your 
plans,  you  learn  about  theirs,  and  sud¬ 
denly  they’re  saying,  ‘When  can  I  come 
work  for  you?’  ”  she  says. 

Still,  it  took  time  for  Holley  and  her 
team  to  build  trust.  For  example,  Reale, 
who  helped  build  the  sales  force  auto¬ 
mation  group  outside  of  IT,  helped 
bring  it  back  into  the  fold  this  year. 
“Jean  has  eliminated  that  us-vs.-them 
approach,”  he  says. 

New  Foundations 

In  USG’s  manufacturing  division, 
which  is  hobbled  by  outdated  main¬ 
frame  systems,  Holley  and  Dom 
Danessa,  vice  president  of  manufactur¬ 
ing,  have  been  laying  the  groundwork 
for  a  new  infrastructure  —  and  achiev¬ 
ing  incremental  improvements  —  by 
standardizing  processes.  But  the  slow 
pace  of  change  is  difficult  for  both  of 
them.  “We’re  strapped  with  this  old 
system,  and  how  do  you  break  out  of  it 
when  you’ve  still  got  to  take  orders 
every  day?”  Danessa  says.  “You’ve  got 
to  have  a  plan  and  patience.” 

To  establish  the  CIO  position  among 
her  executive  peers,  Holley  formed  an 
IT  steering  committee,  which  includes 
the  heads  of  the  three  main  USG  busi¬ 
nesses.  Then  she  began  selling  her  vi¬ 
sion.  “IT  had  always  looked  at  things 
tactically,”  she  explains.  “I  have  a  10- 
year  outlook  with  a  five-year  rolling 


window  and  a  one-year  set  of  initia¬ 
tives  to  get  us  there.  Understanding 
that  and  getting  on  the  same  page  was 
probably  the  biggest  challenge.” 

Getting  the  steering  committee  to 
fund  major  improvements  has  been  a 
slow  process.  “There’s  a  little  bit  of,  ‘Be 
here  five  years,  Jean,  and  then  ask  for 
the  big  bucks,’  ”  she  says.  “I  wanted  to 
go  much  faster,  but  I  have  patience 
pills  in  my  desk,  and  I  take  a  lot  of 
them.” 

Holley  demands  that  the  steering 
committee  set  the  IT  agenda.  “Every 
time  there’s  a  big  project,  she  makes 
sure  there’s  a  senior  executive  sponsor, 
and  if  no  one  will  raise  his  hand,  then 
she’s  not  going  to  do  it,”  says  Vrablik. 

Holley  has  established  IT  metrics 
around  customers,  employees  and  fi¬ 
nancials,  and  she’s  building  on  IT’s 
successes.  Last  summer,  she  staged  a 
“show  and  tell”  for  the  steering  com¬ 
mittee  to  demonstrate  some  of  the 
small  victories  she’s  achieved  —  in¬ 
tranet  job  postings,  online  training  and 
customer  self-service  initiatives  —  and 
to  get  buy-in  for  more.  She  recently  got 
the  go-ahead  to  implement  Oracle  fi¬ 
nancials,  a  big  step  toward  revamping 
the  company’s  mainframe  systems. 

Now,  Holley  is  a  recognized  leader, 
says  Bosowski.  “She  has  made  great 
progress  in  making  IT  a  key  part  of 
corporate  strategy,”  he  says.  “She’s  also 
very  positive,  energetic  and  enthusias¬ 
tic.”  In  fact,  her  energy  is  legendary. 

“It’s  like  she  has  a  48-hour  day.”  says 
human  resources  director  Chris 
Rosenthal.  “I’m  still  trying  to  figure 
out  how  to  do  the  Holley  shuffle.”  I 


To  read  a  related  story  about  the 
employee  metrics  that  Jean  Holley 
has  set  at  USG  and  the  criteria 
behind  them,  go  to 

www.computerworld.com/q723452 
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Next  to  glamorous  dot¬ 
coms,  which  offered  IT 
professionals  the  chance 
to  change  the  world  and 
become  millionaires  while 
wearing  bluejeans  to 
work,  some  corporate  IT 
organizations  seemed  like  mousy 
country  kin,  especially  as  the  compa¬ 
nies  competed  for  the  same  limited 
pool  of  IT  talent. 

“The  dot-coms  gave  us  a  sense  of 
possibility,  of  the  tremendous  impact 
technology  can  have  on  a  business,” 
says  Cynthia  Hilliard.  As  executive  di¬ 
rector  of  IT  at  The  Longaberger  Co.,  a 
Newark,  Ohio-based  manufacturer  of 
handmade  baskets  and  high-end  home 
accessories,  she  says,  she  saw  dot-coms 
lure  away  several  of  her  employees. 

Now,  with  dot-coms  deflated  and 
technology  resumes  flooding  the  mar¬ 
ket,  questions  are  arising  about 
whether  corporate  IT  organizations 
have  learned  any  lessons  from  the  dot¬ 
coms,  and  what  IT  professionals  and 
job-seekers  can  expect  from  corporate 
employers. 

CIOs  and  IT  human  resources  con¬ 
sultants  say  it’s  still  too  early  to  gauge 
the  true,  lasting  impact  of  dot-coms  on 
the  IT  workplace.  Even  a  widespread 
practice  like  casual  dress  codes  could 
be  a  casualty,  with  some  businesses 
opting  to  return  to  a  more  button- 
down  look. 

But  sources  do  cite  two  apparent 
long-term  legacies  of  the  dot-com 
boom:  First,  IT  professionals  will  still 
ask  for  —  and  receive  —  high  salaries. 
Second,  corporate  employers  will  lure 
the  best  IT  talent  by  emphasizing  key 
ways  in  which  their  companies  differ 
from  dot-coms,  and  their  competitors. 

Hilliard  suggests  one  key  differentia¬ 
tor:  “You  still  need  to  offer  a  product 
or  service  people  want,”  she  says. 


“Technology  becomes  the  enabler  for 
that,  not  the  focus.” 

As  the  dot-com  dust  settles,  dot¬ 
com-style  dollars  are  still  in  the  air. 

The  demand  for  talent  during  the  dot¬ 
com  era  pushed  IT  salaries  to  new 
heights  in  the  first  place.  But  the  de¬ 
cline  of  those  companies  doesn’t  signal 
the  end  of  highly  competitive  compen¬ 
sation,  say  consultants  and  CIOs. 

“Salaries  were  driven  by  dot-coms,” 
says  Gene  Trudell,  general  manager  of 
computer  services  at  U.S.  Steel  LLC  in 
Pittsburgh.  In  his  view,  he  says,  the 
Y2k  crisis,  an  explosion  of  new  tech¬ 
nology,  and  the  Internet  came  together 
in  a  “perfect  storm”  effect,  escalating 
salaries  precipitously. 

“I’m  not  sure  that  was  an  objective 
stampede,”  Trudell  notes.  Still,  he  says, 
he  has  no  plans  to  reduce  salaries  and 
points  out  that  U.S.  Steel  did  make 
some  IT  salary  adjustments  to  “get  us 
in  line  with  the  IT  world.” 

Further,  as  his  CIO  counterparts  in 
the  Pittsburgh  area  were  paying  sign¬ 
ing  bonuses  of  $5,000  to  $10,000, 
Trudell  relied  on  a  17-year-old  intern¬ 
ship  program  to  insulate  his  depart¬ 
ment  from  an  overheated  IT  talent 
market.  Instead  of  advertising  open  po¬ 
sitions,  Trudell  filled  them  by  hiring  as 


many  as  half  of  each  group  of  interns 
to  provide  experienced  talent  for  U.S. 
Steel’s  offices  around  the  country. 

Other  corporate  CIOs  are  ensuring 
that  their  companies  are  competitive 
with  the  new  IT  salary  scale.  Long¬ 
aberger  is  completing  a  job  analysis 
survey,  comparing  its  IT  salaries  to 
those  in  the  marketplace,  even  though 
the  company’s  turnover  rate  is  less 
than  5%  this  year,  says  Hilliard. 

Consultants  note  that  while  their 
clients  aren’t  scaling  back  IT  salaries, 
they  will  be  offering  lower  raises.  But 
even  then,  the  drop  will  hardly  be  cata¬ 
clysmic.  “No  one  is  thinking  of  double¬ 
digit  increases,  but  the  percentages 
aren’t  dropping  to  the  4%  raises  seen 
by  the  non-IT  population,”  says 
Georgine  Young,  a  senior  consultant  at 
Lincolnshire,  Ill.-based  Hewitt  Associ¬ 
ates  LLC. 

Further,  consultants  say  many  cor¬ 
porate  IT  organizations  have  adopted 
the  dot-com  practice  of  project-  and 
performance-based  bonuses,  some¬ 
times  called  “variable  pay,”  and  are 
likely  to  continue  this  approach. 

“Ten  years  ago,  it  was  very  unusual 
for  nonmanagement  IT  professionals 
to  receive  this  kind  of  compensation,” 
says  Dave  Van  De  Voort,  leader  of  the 


While  hundreds  of  dot-com 
companies  have  ceased  to  be 
in  the  past  year,  they’ve  left  a 
lasting  impact  on  how  we  pay 
and  reward  IT  workers. 

By  Sharon  Watson 
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global  IT  workforce  effectiveness 
group  in  the  Chicago  office  of  William 
M.  Mercer  Inc.,  an  international  hu¬ 
man  resources  consulting  firm.  “That’s 
a  very  positive  legacy.” 

Similarly,  Van  De  Voort  and  other 
consultants  say  making  stock  options 
available  to  IT  employees  is  another 
permanent  dot-com  influence.  Mercer 
surveyed  500  IT  professionals  last  fall, 
and  even  though  many  had  seen  their 
stocks  lose  value,  most  said  they  want¬ 
ed  stock  as  part  of  their  compensation. 

A  New  Attitude 

All  the  dollars  tossed  around  to  woo 
IT  talent  may  have  forever  altered  how 
IT  professionals  view  their  jobs  —  a 
trend  corporate  IT  needs  to  anticipate 
because  it  could  affect  retention  and 
productivity,  say  several  consultants. 

For  example,  Van  De  Voort  says  he 
believes  the  money  frenzy  has  severed 
the  once-strong  link  between  the  in¬ 
trinsic  gratification  IT  professionals 
get  from  solving  technological  puzzles 
and  their  job  satisfaction. 

“We’ve  made  traditional  IT  more 
coin-operated”  in  that  more  IT  profes¬ 
sionals  may  now  rank  money  ahead  of 
challenges,  Van  De  Voort  says.  “That’s 
a  real  loss.” 


Job  loyalty  may  also  be  gone,  as  IT 
professionals  have  grown  to  appreciate 
their  worth,  at  least  within  savvy  cor¬ 
porations. 

“IT  professionals  now  understand 
you  don’t  work  somewhere  forever,” 
says  Linda  Pittenger,  president  and 
CEO  of  People3  Inc.,  a  Gartner  Inc.  hu¬ 
man  resources  consultancy  in  Bridge- 
water,  N.J. 

“Conditions  are  perfect  for  IT  pro¬ 
fessionals  to  be  free  agents,”  says 
Bruce  Tulgan,  author  of  Winning  the 
Talent  Wars  (WW.  Norton  &  Co.,  2001) 
and  founder  of  RainmakerThinking 
Inc.  in  New  Haven,  Conn.  “They’ll  just 
find  they’re  free  agents  in  a  more  com¬ 
petitive  market.” 

Some  consultants  say  corporations 
may  wind  up  relying  on  money  to  mo¬ 
tivate  talent  because  too  few  corporate 
IT  departments  can  match  the  atmos¬ 
phere  of  excitement  and  purpose  that 
drove  so  many  dot-com  firms  and  cor¬ 
porate  dot-com  initiatives. 

However,  many  CIOs  say  more  than 
a  few  IT  employees  who  left  for  dot¬ 
coms  wound  up  missing  some  aspects 
of  their  old  jobs. 

“They’d  call  and  say  they  were  work¬ 
ing  like  dogs,  or  that  the  IPO  wasn’t 
going  to  happen,”  Hilliard  recounts. 


She  notes  that  Longaberger,  a  family- 
owned  company,  has  long  offered  a 
casual-dress  atmosphere,  a  wide  vari¬ 
ety  of  projects  to  work  on  and  an  em¬ 
phasis  on  work/life  balance.  When 
dot-com  defectors  called  her  to  ask  for 
their  old  jobs  back,  most  said  they  es¬ 
pecially  missed  that  balance,  according 
to  Hilliard. 

But  prodigal  IT  talent  shouldn’t 
count  on  their  former  CIOs  fattening 
calves  for  them.  CIOs  say  they  consid¬ 
er  rehiring  only  the  very  best  of  these 
former  employees.  And  no  CIO  would 
admit  to  making  any  environmental 
changes  based  on  a  former  dot-com 
employee’s  advice. 

In  fact,  many  corporate  CIOs  say 
that  rather  than  changing  their 
cultures,  the  dot-com  boom  has  led 
them  to  emphasize  their  organizations’ 
differences  as  selling  points  to  poten¬ 
tial  IT  talent.  For  example,  Trudell  says 
U.S.  Steel  can’t  permit  its  IT  employ¬ 
ees  complete  scheduling  freedom,  but 
he  does  offer  flextime  within  limits  — 
and  he  emphasizes  that  unlike  the  dot¬ 
com  world,  his  IT  professionals  gener¬ 
ally  work  reasonable,  not  round-the- 
clock,  hours. 

Another  “brand  benefit”  that  corpo¬ 
rate  IT  departments  could  emphasize 
is  the  fact  that,  like  many  dot-coms, 
they  enable  IT  professionals  to  follow 
career  paths  that  encompass  technical 
and  business  positions,  but  in  a  more 
stable  environment  than  most  dot¬ 
coms  offered. 

For  example,  Suzanne  Yoder  is 
e-business  manager  at  arts-and-crafts 
company  Plaid  Enterprises  Inc.  in  Nor- 
cross,  Ga.  She  says  she  came  to  that 
position  from  the  company’s  market¬ 
ing  and  branding  organization,  so  she 
knew  that  providing  product  informa¬ 
tion,  project  ideas  and  consumer  in¬ 
structions  were  vital  to  effectively  sell¬ 
ing  arts-and-crafts  materials.  Yoder 
then  learned  the  technology  to  ensure 
that  those  critical  cross-references 
were  mirrored  in  the  database  driving 
the  company’s  Web  site. 

It’s  that  kind  of  flexibility  that  more 
IT  professionals  are  enjoying  today, 
says  Van  De  Voort.  “IT  skills  are  very 
transportable,”  he  says. 

The  downside  of  that  is  a  dilution  of 
what  it  means  to  be  an  IT  professional, 
because  so  many  people  can  claim  that 
title.  The  upside,  however,  is  that  as  IT 
permeates  all  aspects  of  the  business 
world,  it  becomes  a  tool  for  creating 
new  business,  thus  enhancing  the  val¬ 
ue  of  IT  employees  and  the  role  of  the 
CIO,  says  Van  De  Voort.  ► 


Watson  is  a  freelance  writer  in  Chicago. 


Learning  to 
Forgive  and 
Forget 

If  you're  a  CIO  or  IT  executive, 
don’t  be  too  sure  that  the  dot-com 
bust  has  left  you  sitting  in  the  cat¬ 
bird  seat  when  it  comes  to  hiring 
IT  talent  or  retaining  existing  pro¬ 
fessionals.  The  consensus  is  that 
talent  is  still  scarce  for  some  key 
positions  and  your  best  IT  profes¬ 
sionals  will  always  be  in  demand 
by  someone. 

Strategies  to  Consider: 

Keep  salaries  competitive.  “If  you  try  to 

get  cheap  with  your  IT  workforce,  you'll  be 
talking  to  me  this  time  next  year  about  your 
turnover  problem,”  says  Dave  Van  De 
Voort,  leader  of  the  global  IT  workforce  ef¬ 
fectiveness  group  at  William  M.  Mercer. 

It’s  unlikely  you'll  have  the  leeway  with 
your  IT  hiring  budget  that  you  may  have  en¬ 
joyed  in  recent  years,  say  human  resources 
consultants;  however,  higher  IT  salaries  are 
here  to  stay,  so  expect  to  pay  market  rates 
for  proven  professionals.  Annual  bonuses 
for  IT  are  likely  to  drop  across  all  industries, 
though. 

Make  nice  with  your  hard-to-replace 
professionals.  IT  talent  with  hard-to-find 
skills  can  still  negotiate  on  their  own  terms. 
According  to  the  “People3  2001  IT  Market 
Compensation  Study,”  released  in  July,  the 
hot  titles  in  demand  are  network  architect, 
which  takes  an  average  of  4.2  months  to 
fill;  database  administrator  (3.7  months); 
network  engineer  (3.6  months);  and  man¬ 
ager  of  client  technology  (3.3  months). 

Be  selective  when  you  can.  With  more 
professionals  on  the  market,  for  many 
positions,  you  don’t  have  to  hire  the  first 
warm  body  that  comes  along.  Human  re¬ 
sources  consultants  warn  IT  departments 
to  check  references  and  ask  tough  ques¬ 
tions  to  ensure  that  candidates  truly  have 
the  skills  they're  claiming. 

Try  a  new  approach.  Now  is  a  prime 
time  to  test  new  thinking  about  how  to 
staff  your  department.  “Get  much  better  at 
flexible  staffing,"  urges  Bruce  Tulgan,  au¬ 
thor  of  Winning  the  Talent  Wars  and 
founder  of  RainmakerThinking.  He  recom¬ 
mends  taking  a  page  from  the  dot-coms 
and  hiring  teams  of  independent  special¬ 
ists  on  an  as-needed  basis  to  tackle  specif¬ 
ic  projects,  basing  pay  strictly  on  perfor¬ 
mance,  such  as  deadlines  met  and  results 
delivered. 

-  Sharon  Watson 


“THE  DOT-COMS  gave  us  a  sense  of  possibility,”  says  Cynthia  Hilliard  of  Longaberger, 
pictured  outside  Longaberger’s  headquarters  building  in  Newark,  Ohio. 
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Ford’s  Vehicle- 
Delivery  Project 
Ahead  of  Plan 

Last  year,  we  reported  on  Ford’s  plans  to 
enlist  UPS  Logistics  in  making  new  car 
and  truck  deliveries  speedier  and  more 
predictable.  Twenty  months  later,  they’re 
ahead  of  schedule.  By  Kim  S.  Nash 


Were  optimistic 
in  achieving  4% 
or  5%  additional 
improvement 
[by  the  end  of 
the  year]. 

FRANK  TAYLOR,  VICE  PRESIDENT  OF 
MATERIAL.  PLANNING  AND  LOGISTICS, 
FORD  MOTOR  CO. 


Ford  motor  co.  and  UPS  Lo¬ 
gistics  Group  Inc.  are  seeing 
productivity  gains  six  months 
sooner  than  expected  from  a 
system  designed  to  make  new 
car  and  truck  delivery  faster  and  more 
predictable. 

Ford  has  adopted  proprietary,  Unix- 
based  logistics  software  from  UPS  Lo¬ 
gistics.  It  replaces  a  group  of 
homegrown  systems  and 
manual  processes  that 
weren’t  able  to  give  Ford 
managers  a  complete  status  report  on 
its  cars  and  trucks  as  they  are  en  route 
to  dealerships  in  the  U.S. 

In  February  2000  [News,  Feb.  7, 
2000],  Ford  began  work  with  the 
United  Parcel  Service  Inc.  division  in 
an  effort  that  has  already  knocked  four 
days  out  of  the  typical  14-  or  15-day  cy¬ 
cle  for  moving  a  vehicle  from  a  manu¬ 
facturing  plant  to  a  dealership.  By  do¬ 
ing  so,  Ford  also  has  seen  the  value  of 
its  vehicle  inventory  shrink  by  $1  bil¬ 
lion,  which,  in  turn,  is  expected  to  cut 
annual  inventory-carrying  costs  by 
$125  million,  according  to  officials  at 
the  automaker. 

The  ultimate  goal  for  the  two  com¬ 
panies  is  to  decrease  delivery  time  by 
two  more  days  —  for  a  total  of  six  — 
and  they’re  almost  there. 

“We’re  optimistic  in  achieving  4%  or 
5%  additional  improvement”  by  the 
end  of  the  year,  says  Frank  Taylor, 
Ford’s  vice  president  of  material,  plan¬ 
ning  and  logistics.  That  could  translate 
into  eliminating  as  much  as  another 
day  from  the  process  by  December. 


Historically,  Ford  gave  dealerships 
estimated  delivery  dates  that  weren’t 
accurate.  Those  dates  were  then 
passed  along  to  waiting  customers.  In 
addition,  railroad  or  trucking  delays 
would  further  alter  the  schedule.  Ulti¬ 
mately,  Ford  didn’t  have  a  good  handle 
on  the  status  of  its  vehicles  in  transit. 

“Once  you  shipped  it,  you  couldn’t 
give  a  reliable  date,  plus  or  minus  days, 
when  anyone  would  see  it  or  where  it 
was,”  Taylor  says.  “And  now  we  can.” 

Stand  and  Deliver 

Pete  Greiner,  owner  of  the  Greiner 
Ford  dealership  in  Casper,  Wyo.,  says 
he  began  to  see  better  delivery  fore¬ 
casts  last  summer,  about  six  months 
into  the  process. 

In  the  past,  Greiner  would  tell  wait¬ 
ing  customers  that  their  cars  and 
trucks  would  arrive  within  a  range  of 
several  days.  Sometimes  that  wasn’t 
good  enough. 

“We’ve  had  consumers  get  so  frus¬ 
trated  because  [they  had]  vacations  or 
hunting  trips  coming  up.  They’d  say,  ‘If 
you  can’t  get  the  truck  in  time,  I’m  go¬ 
ing  elsewhere,’  ”  Greiner  says.  “Now, 
we  can  say  to  customers,  ‘We  firmly 
believe  your  truck  will  be  here  Aug. 

25,’  and,  by  golly,  it  shows  up.” 

Most  of  Ford’s  legacy  systems  for 
tracking  vehicle  delivery  were  home¬ 
grown  point  solutions  that  didn’t  give 
the  company  a  unified  view  of  events. 
In  fact,  a  lot  of  the  in¬ 
formation  used  for  tracking 
vehicles  was  scribbled 
down  on  paper. 

The  Ford  system  tracks  cars  and 
trucks  by  vehicle  identification  num¬ 
ber  (VIN).  Workers  from  UPS  Logis¬ 
tics  and  Ford,  as  well  as  people  at  the 
railroads  and  trucking  companies  that 
haul  Ford  vehicles,  use  handheld  com¬ 
puters  to  scan  the  bar  codes  for  each 
VIN  as  the  vehicle  proceeds  from  a 
plant  via  rail  or  truck  to  a  dealership. 

Executives  from  both  Atlanta-based 


UPS  Logistics  and  Ford  declined  to 
comment  on  how  much  the  project  has 
cost.  One-hundred  and  twenty  people 
are  involved:  93  from  UPS  Logistics 
and  27  from  Ford. 

Aside  from  technology  changes,  re¬ 
arranging  the  people  processes  along 
the  distribution  chain  has  also  helped 
improve  delivery  performance. 

For  example.  Ford  has  persuaded 
some  of  its  6,000  dealerships  to  extend 
the  hours  during  which  they  will  re¬ 
ceive  and  unload  new  vehicles. 

Previously,  dealers  typically  accept¬ 
ed  vehicles  Mondays  through  Fridays 
from  9  a.m.  to  5  p.m.  Now,  many  deal¬ 
ers  will  take  delivery  in  the  evenings 
and  on  weekends. 

UPS  Logistics  helped  Ford  figure  out 
that  having  a  wider  window  for  deliv¬ 
ery  meant  less  of  a  backlog  on  Ford’s 
railroad  and  highway  carrier  routes. 
UPS  Logistics  monitors  the  traffic  at 
railroad  offices  and  out  in  the  field, 
says  Andy  Gonta,  vice  president  of  au¬ 
tomotive  at  Canadian  National  Railway 
Co.  in  Montreal. 

Before,  a  shipment  of  cars  and 
trucks  “would  hit  a  facility  on  a  Friday 
and  would  sit  until  Monday,  and  so 
would  the  vehicles  that  hit  on  Saturday 
or  Sunday,”  Gonta  explains.  “It  would 
take  you  until  Wednesday  to  get  it 
sorted  out.” 

Next  on  Ford’s  agenda:  a  Web  appli¬ 
cation  designed  to  let  dealerships  track 
specific  vehicles  in  transit  in  real  time. 
The  system  will  allow  dealers  to  ex¬ 
tract  data  from  Ford’s  many  different 
back-end  manufacturing  systems,  com¬ 
bine  it  with  information  from  rail  and 
truck  carriers  and  funnel  it  all  into  a 
middleware  system  that  will  collate  it 
before  it’s  Web-enabled. 

Ford  said  it  expects  to  roll  out  the 
application  next  year;  21  Ford  dealers 
are  now  testing  it. 

Ultimately,  Taylor  says,  the  system 
will  be  “very  close”  to  UPS’s  own  Web- 
based  package-tracking  application.  ft 


Ford  Motor  Co.  and 
UPS  Logistics  Group  Inc. 

GOALS_ STATUS  REPORT 

1.  Cut  up  to  six  days  from  a  vehicle-deliv-  1.  Four  days  have  been  cut  from  vehicle  delivery, 

ery  period  that's  typically  two  weeks  long  a  milestone  reached  six  months  ahead  of  plan. 

2.  Make  delivery  more  predictable  by  ^ ^  2.  $1  billion  worth  of  vehicle  inventory  has  been 

knowing  more  about  the  location  of  cars  J  reduced.  Ford  expects  to  cut  annual  inventory- 
en  route  from  Ford  to  dealerships  carrying  costs  by  $125  million. 

3.  Create  a  Web-based  vehicle-tracking  3.  The  Web-tracking  system,  now  in  pilot  test- 

application  similar  to  UPS’s  package-  in9.  is  due  next  year. 

tracking  system 
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The  hp  netserver. 

Developed  by  gifted  engineers, 

priced  by  someone  else. 


Now  you  can  get  an  ingenious  HP 
Netserver  at  a  downright  silly  price. 
HP  Netservers  are  reliable  and  fast,  and 
feature  Intel®  Pentium®  III  processors.  And 
Netserver  has  the  memory  and  storage  you 
need  to  keep  your  business  up  and 
running.  For  a  limited  time,  get  0%  apr 
financing*  on  selected  e800  Netservers. 
HP's  hottest  servers  at  their  lowest  prices 
ever.  Now  that's  savings  you  can  rely  on. 


invent 


hp  netserver  e800 


•  Intel®  Pentium®  III  processor  866MHz 
w/256KB  L2  cache  •  128MB  ECC  SDRAM 

•  9.1GB  SCSI  HDD  •  40x  Max-speed 

CD-ROM  •  0%  apr  financing*  available  - 
contact  your  local 
reseller  by  calling 
888.276.9876  or  visit 
www.bstore.hp.com  SKU  P2458A 

Offer  ends  October  31,  2001 . 


Call  1.800.243.9812,  contact  your  local  reseller,  or  visit  wvsrw.hp.com/go/bizsku32 

V.  .  A 

*0%  apr  financing  based  upon  a  24-month  financing  term  and  subject  to  final  HP  credit  approval.  Minimum  financed  amount  is  $1500.  More  than  one  new  server  may  need  to  be  purchased  to  qualify.  Estimated  street  price  for  the  e800  P2458A  <s  $949  e800  P2460A 
is  $1499.  Estimated  monthly  payment  is  $39  and  $63  respectively.  Actual  prices  may  vary.  Offer  expires  October  31,  2001 .  Intel,  the  Intel  Inside  logo  and  Pentium  are  registered  trademarks  of  Intel  Corporation  ©200 1  HewiettPockard  Company  All  nghts  reserved. 
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The  death  ofbusiness-to-business 
e-commerce  has  been  greatly  exagger¬ 
ated,  says  Sandy  Kemper,  who  in  July 
was  elected  chairman  of  the  Global 
Trading  Web  Association,  the  board 
council  for  the  Global  Trading  Web 
(GTW). 

Corporate  members  of  the  associa¬ 
tion,  such'as  Cable  &  Wireless  PLC, 
Citigroup  Inc.,  Commerce  One  Inc., 
Deutsche  Telekom  AG,  Mitsubishi 
Electric  Corp.  and  Pricewaterhouse- 
Coopers,  have  seen  their  respective 
e-commerce  activities  grow  400%  to 
500%  annually,  Kemper  says. 

But  to  keep  the  e-ball  rolling,  par¬ 
ticipants  must  now  work  together 
to  establish  interoperability  across 
markets,  not  just  within  their  own 
markets,  says  Kemper,  who  is  also 
CEO  of  eScout  LLC,  a  Lees  Summit, 
Mo.-based  B2B  exchange.  Kemper 
recently  discussed  these  issues  with 
Computerworld’s  Gary  H.  Anthes. 


What  are  the  immediate  goals  for  the  GTW? 

The  first  is  to  manifest  success  in 
the  [individual  member]  market¬ 
places.  How  do  we  measure  that? 
Transaction  volumes,  revenues 
and  cost  savings.  The  second  goal 
is  to  make  more  robust  the  inter¬ 
operations  that  are  across  the  vari¬ 
ous  marketplaces. 


WHO  IS  HE? 

Alexander  “Sandy” 
Kemper,  36,  is  chair¬ 
man  of  the  Global 
Trading  Web  Asso¬ 
ciation,  a  group  of 
44  providers  and 
users  of  electronic 
services  to  250,000 
companies  in  more 
than  100  countries. 


How  are  these  marketplaces  doing  now  in 
terms  of  transactions,  revenue  and 
cost  savings?  Very  few  [electronic] 
marketplaces  around  the  world 
have  lived  up  to  their  own  projec¬ 
tions,  in  part  because  everyone 
was  too  optimistic  about  how 
quickly  cultural  change  would 
take  place  in  the  way  people  were 
procuring.  But  clearly,  change  is 
taking  place.  Transactions  are  up, 
revenues  are  up.  [GTW]  has  never 
announced  revenue  and  transac¬ 
tions  as  an  entity.  But  you’ll  soon 
see  an  announcement  that  will  be 
fairly  stunning. 

What  advice  would  you  offer  a  company 
that’s  about  to  embark  on  a  business- 
to-business  e-commerce  initiative? 

The  implementation  of  e-com- 
merce  in  any  company  must  be 
driven  by  top  management.  We 
are  talking  about  significant  bot¬ 
tom-line  savings,  but  sometimes 
those  savings  come  at  a  cost  to  the 
existing  structure  and  to  the  peo¬ 
ple  in  that  structure.  There’s  cul¬ 
tural  resistance  and  fear.  You  can 
take  a  lot  of  menial,  manual  work 
out  of  the  purchasing  department. 
But  to  think  that  this  is  something 
that’s  going  to  be  quickly  adopted 
in  the  purchasing  department  is 
probably  false  without  strong  sup¬ 
port  from  the  top. 

How  can  you  achieve  the  interoperability 
across  marketplaces  that  you  are  seek¬ 
ing?  The  technological  problems 
have  gone  a  long  way  to  being 
solved.  What’s  important  now  is 
the  business  rules.  The  creation  of 
trust  is  perhaps  the  most  impor¬ 
tant  mandate  we  have  today  inside 
the  GTW,  a  trust  that  will  enable 
us  to  build  business  relationships 
that  will  cause  intermarketplace 
trade. 

Does  that  include  security?  Security  is 
part  of  trust.  We  have  to  maintain 
security  and  privacy,  and  there  has 
to  be  economic  standards  for  inter¬ 
marketplace  trade.  If  I  sell  this  in 


your  marketplace,  how  will  you 
treat  my  buyer?  And  if  a  buyer 
from  your  marketplace  is  transact¬ 
ing  with  a  supplier  in  mine,  how 
will  I  treat  that  buyer?  How  will 
you  treat  my  supplier?  And  it  can’t 
be  a  closed  environment.  It’s  de 
facto  evidence  of  lack  of  trust  if 
you  don’t  open  up  to  everyone. 
Rules  for  interoperability  have 
more  to  do  now,  I  believe,  with 
the  basics  of  business  and  less 
with  the  basics  of  technology. 

Still,  we  hear  about  battles  between  elec¬ 
tronic  data  interchange  (EDI)  and  XML. 

EDI  and  XML  aren’t  incompatible. 
You  can  take  EDI  and  wrap  it  in 
an  XML  wrapper  and  move  it  into 
an  XML-based  system  and  be  just 
fine.  We  want  to  make  possible 
transactions  in  EDI,  XML,  even 
paper-based  transactions  —  flat- 
file  transactions.  We  have  to  make 
sure  we  are  not  putting  up  any  bar¬ 
riers  to  entry. 

Why  is  the  GTW  now  becoming  independent 
from  its  creator,  Commerce  One? 

[Commerce  One]  created  the  GTW 
operating  on  [its]  platform.  Now 
the  GTW  has  reached  enough  crit¬ 
ical  mass  to  stand  on  its  own,  and 
the  GTW  recognized  it  must  be 
open  to  all  marketplace  operators, 
not  just  those  on  [that]  platform. 
We  have  to  make  sure  our  interop¬ 
erability  standards  are  not  specific 
to  any  particular  technology.  So 
that’s  Ariba,  Oracle,  SAP  —  any 
technology  platform. 

In  speeches,  you  have  consistently  been  the 
champion  of  the  little  guys,  the  small 
and  midsize  companies.  It’s  not  just 
because  I  like  the  little  guy.  Small 
and  midsized  enterprises  [repre¬ 
sent]  65%  of  the  [U.S.]  economy. 
You  can  build  giant  applications 
for  giant  corporations  and  still 
only  get  35%  of  the  economy. 

So  no  [GTW]  e-procurement  or 
e-commerce  plan  will  be  complete 
without  full  inclusion  of  the  sec¬ 
ond-,  third-  and  fourth-tier  manu¬ 
facturers  and  suppliers  in  the 
supply  chain. 

Is  there  a  danger  that  won’t  happen? 

Yes. . . .  But  eScout  exists  because 
we  have  [served]  those  little  guys. 
I  have  16,000  or  17,000  buying 
corporations  in  our  marketplace, 
and  I  am  seeing  increased  [spend¬ 
ing]  and  increased  transactions. 
Every  week  this  year,  we  set  a 
new  record,  t 


Interoperability 
Across  E-MarKets 


Sale-priced  facelifts  bad. 

Sale-priced  computers  good. 


Tired  of  too-good-to-be-true  sale  prices 
making  you  look  bad?  Then  you'll  love 
the  deals  HP  is  offering  on  Vectra  desktop 
computers.  Vectra  is  easy  to  manage  and 
support,  and  uses  an  Intel®  Pentium®  III 
processor  to  give  you  the  speed  and 
power  you  crave.  With  128MB  of  RAM, 
HP's  Vectra  is  powerful,  smart,  and  won't 
leave  you  grimacing. 


invent 


HP  PCs  use  genuine  Microsoft  Windows 
www.microsoft.com/piracy/howtotell 


hp  vectra  VL400 

•  Intel®  Pentium®  III  processor  933MHz 

•  128  MB  SDRAM  •  20GB  Ultra  ATA/66 

•  Intel  Direct  3D  AGP  •  48x  Max-speed 
CD-ROM  •  10/100 

integrated  LAN 

•  Microsoft®  O  #  # 

Windows®  9  8  SKU  P4379T 


Offer  ends  October  31,  2001 . 


Call  1.800.243.9812,  contact  your  local  reseller,  or  visit  www.hp.com/go/bizsku32 
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WHEN  JOE  GALLO, 
vice  president 
and  chief  tech¬ 
nology  officer  at 
Cox  Interactive 
Media  Inc.,  goes 

to  work,  he  heads  upstairs  to  an  At¬ 
lanta  loft  with  a  lounge,  ping-pong 
table,  refrigerators  with  soft  drinks  and 
—  important  when  there’s  a  looming 
deadline  —  free  coffee. 

Things  have  come  a  long  way  since 
Gallo  began  his  career  at  Electronic 
Data  Systems  Corp.,  at  a  time  when 
that  company  had  just  started  allowing 
employees  to  wear  striped  shirts. 

“Even  a  major  company  like  EDS  is 
business  casual  now,  and  they’re  all 
IT,”  Gallo  says. 

Now  that  corporations  have  fully 
embraced  technology  and  the  need  to 
compete  for  skilled  technologists,  the 
way  in  which  IT  professionals  work  is 
undergoing  a  variety  of  changes. 

Despite  the  closing  of  dot-coms  in 
massive  scale,  those  companies  have 
had  a  dramatic  impact  on  the  perks 
that  IT  workers  are  offered,  on  the 
access  to  technology  that  workers 
across  the  board  can  enjoy  and  on  the 
environment  that  companies  provide 
for  them.  But  there  is  some  disagree¬ 
ment  emerging  on  whether  the 
changes  are  for  the  better  or  worse. 

IT  professionals  are  often  dressed 
in  jeans  and  focusing  on  business  ba¬ 
sics  — many  times  from  the  comfort  of 
their  own  homes.  But  some  ask,  in  the 
face  of  high  pressure  and  short  dead¬ 
lines,  whether  such  trends  actually 
threaten  to  derail  future  progress  or 
the  image  of  the  IT  worker. 

“The  change  started  to  occur  with 
the  era  of  client/server,”  says  Neil  Fox, 
vice  president  and  CIO  at  Cleveland- 
based  Management  Recruiters  Interna¬ 
tional  Inc.  “Then  the  Internet  changed 
everything.  People  realized  that  you 
could  actually  create  an  application 
and  deploy  it  in  less  than  12  months.” 

Many  would  argue  that  an  increased 
emphasis  on  business  could  only  do  a 
world  of  good.  But  not  all  IT  profes¬ 
sionals  see  every  change  hitting  the 
technical  workplace  as  positive.  Pres¬ 
sures  on  businesses  have  extended  to 
technology  groups.  Deadlines  continue 
to  become  shorter  as  companies  want 
increasing  benefits  with  faster  turn¬ 
around,  and  technologists  are  being 
held  accountable  for  providing  results. 

“In  the  old  days,  I  had  a  lifetime 
contract,”  says  Tracy  Amabile,  a  part¬ 
ner  in  human  resources  for  manage¬ 
ment  consulting  at  Price  Waterhouse- 
Coopers.  “Now,  there’s  a  focus  on 
how  do  I  become  more  employable, 


How 

We’ll 

Wbrk 

The  IT  workplace  is  undergoing 
change,  especially  in  the  wake  of 
the  dot-com  mania.  Not  every¬ 
one  thinks  the  changes  are  for 
the  best.  By  Erik  Sherman 


not  how  do  I  stay  employed.” 

Despite  the  slowdown  in  the  econ¬ 
omy,  job  hopping  has  become  the 
norm  for  IT  professionals.  Having  a 
number  of  previous  employers  on  a 
resume  is  no  longer  something  nega¬ 
tive,  which  makes  retaining  employ¬ 
ees  more  difficult. 

“Attracting  and  retaining  and  moti¬ 
vating  technologists  is  a  survival  issue 
for  this  millennium,”  says  Allan  Woods, 
vice  chairman  and  chief  information 
officer  at  Mellon  Financial  Corp.  in 
Pittsburgh. 

“Clearly,  you  have  to  pay  people  — 
it’s  the  price  of  admission.  But  those 
are  openers,  jacks  or  better,”  Woods 
says.  Increased  compensation  will 
come  from  incentive  pay,  and  not 
everyone  will  receive  it.  Mellon  plans 
to  focus  on  rewarding  top  employees. 

Some  workplace  trends  could  even 
be  counter  to  business  ends,  like  the 
notion  of  dispersing  IT  workers. 

“Because  IT  has  enabled  people  to 
work  anywhere,  the  big  push  for  com¬ 
panies  is  to  use  location  to  recruit  and 
retain  people,”  says  Bob  Gaudreau, 
who  is  in  charge  of  U.S.  development 
for  Regus  Management  Ltd.  in  Chert- 
sey,  England. 

But  scattering  employees  can  have 
some  unexpected  consequences.  “One 
thing  that’s  gone  downhill  in  an  unfor¬ 
tunate  way  was  the  demise  of  the  ter¬ 
minal  room,”  says  Fisher.  “There  was  a 
lot  of  informal  information-sharing 
that  is  not  as  intense  now  that  every¬ 
body’s  got  their  own  computer.” 

Then  there  are  the  psychological 
ramifications,  says  Edward  Klein, 
who  is  a  professor  in  the  psychology 
and  psychiatry  departments  at  the 
University  of  Cincinnati  and  a  faculty 
member  at  the  Cincinnati  Psychoana¬ 
lytic  Institute. 

“Social  and  work  connections  are 
needed  to  maintain  a  tie  between  the 
employee  and  the  organization,”  says 
Klein,  who  emphasizes  the  need  for 
group  action  and  activity.  “Even 
though  you  can  do  a  lot  of  things  by 
teleconferencing  or  e-mail,  I’m  talking 
about  the  psychological  connected¬ 
ness.”  The  result  could  add  to  disloyal¬ 
ty  and  higher  turnover. 

So  in  a  way,  some  of  the  current 
trends  in  IT  departments  could  move 
people  back  to  an  isolated  existence 
similar  to  early  data  processing 
departments.  The  trick  for  companies 
will  be  to  add  flexibility  in  the  work¬ 
place  without  severing  the  connection 
between  technology  and  business.  I 


Sherman  is  a  freelance  writer  in 
Marshfield,  Mass. 


The  hp  omnibook  will 

moke  you  more  mobile. 

Your  heavy  wallet  will 

make  you  less  mobile. 


pentium’4/// 


Now  you  can  get  a  small,  lightweight 
HP  Omnibook  at  a  small,  lightweight  price. 
The  Omnibook  is  fast  and  powerful, 
featuring  a  mobile  Intel®  Pentium®  III 
processor.  And  Omnibook  has  a  large, 
clear  display  and  a  powerful  battery  that 
allows  you  to  get  up  and  go  for  up  to  four 
hours  without  recharging.  Which  goes  to 
show  that  while  mobility  may  have  a  price, 
it  doesn't  have  to  drain  your  wallet. 


HP  PCs  use  genuine  Microsoft  Windows 
www.microsoft.com/piracy/howtotell 


hp  omnibook  XE3 

•  Mobile  Intel®  Pentium®  III  processor  850MHz 

•  14.1-inch  TFT  display  •  128MB  SDRAM 

•  20GB  enhanced  IDE  HDD  •  S3  Savage/IX 
graphics  controller  •  56K  v. 90-compatible 
modem  -  1 0/ 1 00  LAN 

combo  •  8x  Max-speed  5  T|  "Iww 
DVD-ROM  •  Microsoft® 

Windows®  98  F2337WT 


Offer  ends  October  31,  2001 . 


Call  1.800.243.9812,  contact  your  local  reseller,  or  visit  www.hp.com/go/bizsku32 


Price  is  estimated  street  price.  Actual  price  may  vary.  Photographs  may  not  accurately  represent  exact  configurations  priced.  Intel,  the  Intel  Inside  logo  and  Pentium  are  registered  trademarks  of  Intel  Corporation 
trademarks  or  trademarks  of  the  Microsoft  Corporation  in  the  United  States  and  other  countries.  ©2001  Hewlett-Packard  Company.  All  rights  reserved. 
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Security 

Ambassadors 


As  companies 
increasingly  put 
security  in  the 
hands  of  systems 
specialists,  they 
need  IT  liaisons 
who  can  trans¬ 
late  the  needs 
of  business.  By 
Deborah  Radcliff 


A  FEW  YEARS  AGO, 
American  Family 
Mutual  Insurance 
Co.  ran  its  IT  op¬ 
erations  like  most 
other  companies  do:  Business 
units  would  hand  down  an 
order  for  a  new  program  or 
functionality,  and  IT  would 
build  it. 

And  as  in  most  large  organi¬ 
zations,  a  security  manager 
would  attempt  to  advise  de¬ 
velopers  on  vulnerable  points 
and  security  requirements. 

But  that  approach  stretched 
the  lone  security  manager  too 
thin,  says  Mike  Kleckner,  who 
held  that  position  at  American 
Family  three  years  ago. 

So  Winnie  Schumann,  di¬ 
rector  of  enterprise  technolo¬ 
gy  strategies  at  the  Madison, 
Wis.-based  company,  decided 
to  put  security  controls  into 
the  hands  of  the  systems  spe¬ 
cialists  who  knew  their  tech¬ 
nology  the  best.  Then,  she 
handed  the  choices  of  individ¬ 
ual  security  controls  to  the 
business  units  that  owned  the 
data  in  question. 


All  that  was  needed  was 
someone  to  decipher  the  busi¬ 
ness  needs  into  technical  solu¬ 
tions  and  vice  versa.  This  is 
where  Kleckner  and  Leslie 
Peckham  come  in.  They  are 
now  the  company’s  informa¬ 
tion  security  advisers,  coordi¬ 
nating  security  requirements 
between  IT  and  business 
units. 

“The  business  person  knows 
the  value  of  their  data,  and 
they  know  what  controls  are 
appropriate,  so  they  should  be 
in  the  driver’s  seat,”  Kleckner 
says. 

Their  biggest  challenge 
echoes  that  of  all  IT  depart¬ 
ments:  bridging  the  great  di¬ 
vide  between  technology  re¬ 
quirements  and  business  re¬ 
quirements.  Bridging  this  gap 
takes  a  certain  amount  of 
credibility,  which  comes  from 
the  backing  of  the  most  senior 
IT  manager  —  in  this  case 
Schumann,  who  has  also  gath¬ 
ered  support  from  the  most 
senior  company  management. 

Once  they  got  this  backing, 
Kleckner  and  Peckham  ap- 

Job  Watch 


Who:  Leslie  Peckham  and 
Mike  Kleckner 

Title:  Information  security  advisers 

Company:  American  Family 
Mutual  Insurance  Co.,  Madison, 
Wis.  ( www.amfam.com ) 

Report  to:  Enterprise  technology 
strategies  director 

Skills:  Ability  to  explain  and 
transfer  technology  ownership  to 
business  units 


preached  this  challenge  on  two 
fronts  —  raising  IT  awareness 
in  the  user  community  and 
raising  business  awareness  in 
their  IT  support  departments. 

“How  do  you  describe  a 
[public-key  infrastructure]  in 
nontechnical  terms  and  actu¬ 
ally  get  people  excited  about 
it?  It’s  a  real  basic  formula: 

You  find  out  what  the  business 
unit  wants  and  give  it  to 
them,”  Peckham  explains. 

They  started  by  developing 
a  10-point  template  from 
which  business  units  can  make 
informed  decisions  about 
their  security  needs.  At  the 
onset  of  any  new  project,  the 
security  advisers  now  meet 
with  the  business  units  to  dis¬ 
cuss  their  needs  and  go  over 
the  template. 

That  means  asking  the  right 
questions,  like  the  following: 

■  What  are  your  strategic 
directions? 

■  What  do  you  deal  with? 

■  What  information  is  con¬ 
fidential? 

■  What  level  of  protection 
does  that  information  require? 

Once  the  business  unit  fills 
out  a  project  security  tem¬ 
plate,  a  business  partner  docu¬ 
ment  is  generated.  Then  the 
security  advisers  work  with 
the  technologists  to  address 
the  security  areas  identified 
by  the  business  units. 

After  that,  they  have  to  find 
a  way  to  bring  the  business 
mentality  of  budgets,  policies, 
operational  integration  and 
more  into  IT  development 
teams,  Kleckner  says. 

It’s  a  matter  of  asking  the 
technology  units  similar  ques¬ 
tions,  so  they  can  see  IT  secu¬ 
rity  as  a  strategic  business  en¬ 
abler  and  overcome  their  mis¬ 
conceptions  that  security  gets 
in  the  way  of  efficiency,  Peck¬ 
ham  explains. 

The  final  decision  still 
needs  to  be  made  by  the  data 
owners.  So  once  the  technical 
specialists  turn  around  a  list  of 
suggested  solutions  to  meet 
the  business  units’  risk  re¬ 
quirements,  the  advisers  re¬ 
turn  to  the  business  units  and 
discuss  levels  of  risk  with  the 
business  managers  who  make 
the  final  technical  security 
choices  that  go  into  the  project. 

While  Kleckner  arrived  at 


Security  Primer 

When  undertaking  a  new  development 
project,  American  Family  enables  the 
business  unit  project  managers  to  set 
security  requirements  themselves.  A 
key  element  is  a  template  developed 
by  the  company’s  two  IT  security 
advisers  that  explains  key  terms: 

Authentication:  Who  are  you? 
Authorization:  What  can  you  do? 

Confidentiality  and  reliability: 

Privacy  and  dependability 

Monitoring  and  tracking:  What  did 

you  do? 

Backup  and  recovery:  Rebuilding 

the  system 

Physical  security:  Locking  others 
out 


Change  management:  Protecting 

the  production  process 

Legal  requirements:  What  the  law 

expects 

Training  and  awareness:  What  you 

need  to  know 

Contingency  planning:  What  if? 

Program  paybacks: 

■  Every  major  business  unit  is  already 
represented  by  the  corporate 
security  board. 

■  Business  participation  in  the 
company's  security  intranet  pages 
is  strong. 

■  The  corporate  compliance  officer 
even  co-developed  the  IT  security 
policies  with  Winnie  Schumann, 
director  of  enterprise  technology 
strategies. 


this  position  by  way  of  infor¬ 
mation  security,  Peckham  was 
an  English  major  then  a  tech¬ 
nology  strategist  before  taking 
her  position  at  American  Fam¬ 
ily.  Peckham  says  her  commu¬ 
nication  skills  and  Kleckner’s 
more  technical  skill  set  com¬ 
plement  each  other. 

“I’m  less  technical,  so  I 
work  on  the  cultural  changes 
that  need  to  happen  in  order 
to  enable  security  to  take 
hold,”  Peckham  says.  “I  love 
the  awareness  training  end  of 
the  job.” 

Because  their  jobs  are  so 
creatively  and  technically  de¬ 
manding,  and  because  security 
is  ongoing,  neither  Kleckner 
nor  Peckham  see  themselves 
moving  on  anytime  soon. 

“We  see  ourselves  as  being 
able  to  change  a  corporate  cul¬ 
ture.  That  is  our  career  pro¬ 
gression,”  says  Peckham.  I 


GoldMine®  is  the  logical 
next  step  to  customer- 
centric  success! 


Your  contact  manager  has 

taken  you  as  far  as  it  will  go.  But  you’re 
not  about  to  upgrade  to  some  costly, 
cumbersome  CRM  solution. 

Join  the  community  of  smart  professionals 
who  are  moving  up  to  GoldMine,  instead. 

A  range  of  “right-sized”  solutions  that  pick 
up  where  your  contact  manager  leaves  off, 


to  take  you,  your  workgroup  or  company 
to  a  new  level  of  customer-centric  success. 

GoldMine  solutions  are  engineered  to 
help  you  manage  the  entire  customer  life 
cycle.  Improving  customer  service.  Reducing 
customer  turnover.  And  maximizing  sales 
and  repeat  business. 

Centralized  information  and  automated 
lead  follow-up  mean  you’ll  spend  less  time 
on  busy-work  and  more  time  closing  new 
business.  Plus,  you’ll  be  able  to  track  your 
opportunities  and  forecast  sales  with  our  easy 
yet  powerful  opportunity  management  tools. 


GoldMine  also  gives  you  the  flexibility 
to  link  sales  and  marketing,  service  and 
support  and  Management  Intelligence  into 
a  front-to-back  customer-driven  solution. 

You  can  import  your  data  directly  from 
your  current  contact  manager  with  our 
convenient  conversion  utility.  So  why  not 
do  it  today?  Call  or  visit  our  website  now 
for  more  information! 

www.frontrange.com 

1-800-532-6259 


Front  Range  > 


SOLUTION  S’ 


GoldMine. 


GoldMine,  FrontOffice  2000  and  other  FrontRange  products  and  brands  are  registered  trademarks  or  trademarks  of  FrontRange  Solutions  Inc.  in  the  U  S.  and/or  other  countries.  Other  products  and  brands  are 
registered  trademarks  or  trademarks  of  their  respective  owners/companies.  Copyright  ©  2001  FrontRange  Solutions  Inc.  All  Rights  Reserved. 
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FRAN  QUITTEL 

Successful  Strategies  for 
Today’s  CIO  Job-Seekers 

IF  YOU’RE  AMONG  THE  TOP  CIOS  —  say, 
the  upper  5%  to  10%  —  you’ve  probably 
emerged  relatively  unscathed  from  the 
downturn  in  the  job  market.  After  all,  the 
top-tier  CIOs  who  can  deliver  millions  of 
dollars  of  value  to  multibillion-dollar  Fortune  500 
companies  are  always  in  demand. 


Some  CIOs  are  still  com¬ 
manding  compensation 
packages  with  base  salaries 
as  high  as  $250,000,  healthy 
stock  options  and  bonuses 
that  are  25%  to  60%  of  base 
pay,  according  to  commen¬ 


tary  from  IT  executive 
search  professionals  such 
as  Carl  Gilchrist  at  Spencer 
Stuart  Management  Consul¬ 
tants  NV  in  Atlanta;  Barry 
Obrand,  area  manager  at 
Russell  Reynolds  Associates 


Inc.  in  Palo  Alto,  Calif.;  and 
Gloria  Gordon,  vice  presi¬ 
dent  of  the  technology  and 
e-business  practice  at  AT. 
Kearney  Inc.  in  Los  Angeles. 

But  if  you’re  a  senior,  ex¬ 
perienced  IT  professional 
wondering  why  your  CIO 
job  search  is  stalled,  be 
warned:  There’s  little 
spillover  of  high  demand 
from  that  elite  group  to  the 
90%  below. 

The  number  of  companies 
with  top-level  openings  has 
diminished.  More  candidates 


are  available,  and  some  are 
more  qualified  than  others. 

“If  you’re  someone  who 
jumped  up  into  a 
CIO  role  without 
the  requisite  lev¬ 
el  of  seasoning, 
you’re  probably 
finding  yourself 
somewhat  disen¬ 
franchised  in  this 
down  market 
when  a  lot  of 
good  talent  is 
available,”  says 
Tom  Thomas, 
president  and 
CEO  of  Haht 
Commerce  Inc.  in 
Raleigh,  N.C. 

“This  is  a  bare-bones  mar¬ 
ket,”  reports  Paul  Lemerise 
of  Rancho  Mirage,  Calif., 
who  has  had  senior  IT  and 


business  responsibilities  at 
True  Value  and  WineShop- 
per.com.  “Where  once  there 
might  have  been 
over  a  hundred 
jobs  available, 
now  there  might 
be  less  than  20. 
Where  major 
projects  might 
have  been  under 
way  totaling  mil¬ 
lions  of  dollars, 
now  capital 
spending  and  de¬ 
velopment  proj¬ 
ects  are  imple¬ 
mented  on  a 
‘breathe  air’  basis.” 

So,  if  you’re  a  top-level  IT 
manager  who  is  on  the  mar¬ 
ket,  what  can  you  expect? 
Where  should  you  look? 
How  should  you  interview? 


fran  quittel  is  a  techni¬ 
cal  staffing  consultant 
in  Emeryville,  Calif.,  and 
writes  the  biweekly 
Career  Adviser  column 
for  Computerworld. 


Call  1-800-OK-CANON  ext.  50  or  visit  www.imagerunner.com 


A  box  that  delivers 
paper  documents 
anywhere  overnight? 


Introducing  the  Canon  imageRUNNER  with  document  distribution  technology.  Now  you  can  send 
paper  documents  anywhere,  in  any  form,  at  anytime,  right  over  your  network  or  the  internet.  Instantaneously.  Simply 
scan  a  document  into  the  imageRUNNER  5000,  and  you  can  send  it  to  any  desktop,  e-mail  address,  fax  machine,  database 
or  file  server.  And  since  the  Canon  imageRUNNER  is  capable  of  integrating  directly  with  your  existing  e-mail,  lanfax, 


*  Requires  additional  software  which  is  sold  separately.  Speak  to  your  authorized  Canon  dealer. 

Canon  is  a  registered  trademark  and  IMAGERUNNER  and  Canon  Know  How  are  trademarks  of  Canon  Inc.  IMAGEANYWARE  is  a  service  mark  of  Canon  U.SA,  Inc.  ©2001  Canon  U.S.A.,  Inc. 
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And  what  will  you  be  paid? 

First,  expect  that  your  job 
search  will  take  longer  than 
your  previous  searches,  and 
depend  less  on  geography 
and  more  on  your  selected 
industry,  which  traditionally 
impacts  job  seekers  earning 
less  than  $100,000  per  year. 

“Although  Wall  Street 
bonuses  are  surely  not  what 
they  used  to  be,  finance  — 
including  insurance  services 
and  consumer  finance  com¬ 
panies  —  energy  and  health 
care  still  remain  very 
strong,”  says  Obrand. 

And  while  jobs  in  govern¬ 
ment  and  education  may  be 
harder  to  identify,  these 
fields  are  growing  tech¬ 
nology  users,  though  taking 
that  route  might  make  re¬ 
turning  to  mainstream  com¬ 


mercial  IT  more  difficult. 

Second,  recruiters  are 
again  being  flooded  with 
resumes.  The  best  way  to 
get  into  the  loop  of  current 
openings  is  to  network  your 
way  into  the  inner-circle 
CIO  fraternity,  which  is 
harder  to  do  if  you’re  on 
the  outside  looking  in. 

This  is  the  time  when 
you  should  call  in  those  chits 
from  helping  executive-level 
recruiters  who  have  called 
you  looking  for  leads.  It’s 
also  when  you  must  leverage 
deep  contacts  with  people 
who  know  about  the  latest 
projects  under  way.  Pick  up 
the  phone  and  call  the  peo¬ 
ple  who  have  worked  for  you 
and  gone  on  to  other  venues. 

In  addition,  CIOs  typically 
report  at  board  meetings. 


You’re  definitely  at  an  ad¬ 
vantage  in  interacting  with 
board  members  who  re¬ 
member  your  strengths 
when  seeking  talent  to  solve 
problems  among  their 
clients  and  customers.  In 
short,  today’s  job  market  is 
a  networking  game. 

Moreover,  once  you  get 
your  foot  in  the  door  and 
start  interviewing  with  a 
CEO,  there  are  a  few  wrin¬ 
kles  you  must  smooth.  You 
must  be  able  to  present 
yourself  as  someone  who 
can  pinpoint  and  solve  busi¬ 
ness  problems  correctly  and 
quickly,  whose  forecasting 
capabilities  leave  no  margin 
for  error  and  whose  bud¬ 
getary  sense  is  flawless. 

“If  you  are  being  inter¬ 
viewed  by  a  CEO,  you  want 


him  to  think  you  are  a  mira¬ 
cle  worker,”  notes  Neil  Fox, 
CIO  of  Management  Re¬ 
cruiters  International  Inc. 
in  Cleveland. 

“The  magic  words  are  ‘I 
can  do  more  with  less,’  ‘I’ve 
taken  a  good  look  at  the  orga¬ 
nization,  and  I  believe  we  ei¬ 
ther  have  the  right  people 
doing  the  wrong  things  or 
the  wrong  people  doing  the 
right  things,’  and  ‘With  these 
steps,  we’ll  be  able  to  achieve 
this  specific  goal.’  If  you  can 
do  more  with  less  and  get 
some  belief  around  it,  this 
works,”  Fox  says. 

Moreover,  you  must  target 
the  scope  of  the  job  you’re 
after  to  a  particular  type  of 
firm.  If  you  want  to  work  in 
a  smaller  organization,  you’ll 
need  to  wear  lots  of  hats. 


Finally,  the  good  news: 
Even  if  interviewing  and  ne¬ 
gotiating  take  longer  than 
you’ve  previously  experi¬ 
enced,  executive  compensa¬ 
tion  packages  hardly  ever 
decrease.  While  today’s 
bonuses  will  fall  below  last 
year’s  average  of  40%,  this 
year’s  base  salaries  have 
risen  4%  to  5%,  notes  Keith 
Fortier,  a  compensation  con¬ 
sultant  at  Salary.-com  Inc.  in 
Wellesley,  Mass. 

And  “don’t  be  afraid  to 
load  up  on  low-priced  stock 
options,”  counsels  Fortier. 
“This  is  the  exact  time  to 
cherish  getting  stock  op¬ 
tions,  grants  and  all  kinds  of 
performance  shares,  because 
18  to  24  months  down  the 
road,  these  options  could  be 
worth  multiples  more.”  I 


Or  a  box  that 
delivers  them  instantly 
over  the  internet? 


and  document  management  software,  you  can  maximize  your  investment 
in  these  systems^  The  cost  and  hassle  of  overnight  delivery  are  finally 
over.  At  Canon,  we’re  giving  people  the  know-how  to  make  paper 
documents  work  in  an  internet  world. 
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Portals: 

Build  Them  Right 
And  They  Will  Come 

Fast  on  their  way  to  becom¬ 
ing  the  primary  way  profession¬ 
als  share  information,  portals 
are  red  hot  within  organizations 
today.  But  to  paraphrase  a 
popular  movie,  if  you  build  a 
portal,  will  they  come?  And  if 
users  come,  will  they  stay? 

The  short  answer  is,  “not 
necessarily.”  The  reason  is  that 
firms  don't  always  don’t  take  a 
true  customer-centric  approach 
to  building  portals  to  assure  an 
optimal  user  experience. 

Moreover,  firms  frequently 
underestimate  the  complexity 
of  integrating  legacy  data  and 
other  information  sources  to  be 
linked  with  portals. 

“When  building  portals,  you 
need  to  think  in  terms  of  end  to 
end  business  outcomes  and  the 
complete  lifecycle,”  notes  Terry 
Hisey,  V.  P.  and  G.  M.,  e-Business 
at  Unisys.  “The  corporate  portal 
begins  with  an  alignment 
between  business  and  portal 
strategies  incorporating  the  right 
information,  from  whatever 
source,  and  delivering  it  in  a  pro¬ 
ductive  and  time-sensitive  man¬ 
ner  to  a  personalized  interface.” 

To  make  this  dream  a  reality 
for  clients,  Unisys  has  combined 
its  rock-solid  experience  in  con¬ 
sulting  and  integration  with  break¬ 
through  patent-pending  method¬ 
ologies.  To  learn  how  Unisys 
can  help  conceive,  build  and 
manage  world-class  portals,  visit: 
www.aheadforebusiness.com 
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WORKSTYLES 

Solving  IT  Challenges  for  [ 
A  Staff  the  Size  of  a  City  | 


IT  infrastructure:  “PMMC  has  two 
sets  of  consolidated  data  centers  that 
support  all  five  operating  compa¬ 
nies,  and  then  each  company  has  its 
own  IT  staff.  I  worked  in  IT  at  Philip 
Morris  U.S.A.  for  four  years,  and  I’ve 


Philip  Morris 
Management  Corp. 

Interviewee:  Donna  Evans,  senior 
project  manager 

Company:  Philip  Morris  Management 
Corp.  (PMMC),  the  administrative  ser¬ 
vices  arm  of  Philip  Morris  Cos. 

Main  location:  New  York 
Number  of  it  employees:  More  than 
420  in  PMMC 


design  for  18  months  at  Philip  Morris 
U.S.A.,  and  helped  re-engineer  the 
HR  processes.  We  just  had  the  first 
rollout  to  a  small  European  office  [in 
July],  and  we’ll  continue  to  roll  it  out 
over  the  next  few  years. 

“Now  I’m  working  on  Web  site  de¬ 
velopment  and  trying  to  bring  in  a 
content-management  approach  that 
will  enable  people  to  manage  con¬ 
tent  delivery  with  very  little  interfer¬ 
ence  from  IS.  We’ve  rolled  it  out 
here  [at  PMMC],  and  we’re  piloting 
a  few  tests  to  see  if  it  could  work  as 
an  enterprisewide  solution.” 


been  here  two  years.” 

Mission-critical  systems:  “In 

PMMC,  an  [enterprise  re¬ 
source  planning]  system  for 
finance  and  human  re¬ 
sources.  We’re  two  years 
into  a  big  ERP  initiative  to 
implement  common  HR 
processes  globally  across  all 
of  our  operating  companies. 

“The  system  will  give  us 
consistency  in  how  we  cap¬ 
ture  information  but  will 
still  allow  for  differences  in 
rules  and  regulations  across 
locations.  I  worked  on  the 


What  are  the  differences  between  work-  j 
ing  at  PMMC  and  Philip  Morris  U.S.A.? 

“Philip  Morris  U.S.A.  is  absolutely  j 
huge.  It  had  about  40,000  people 
when  I  was  there,  and  when  you’re  I 
developing  applications,  you  can 
have  great  impact  because  there  are  j 
so  many  users.  The  first  system  I 
worked  on  there  saved  about  two 
months  per  sales  cycle  because 
salespeople  could  use  their  time 
more  efficiently. 

“So  you  can  create  some  great  effi-  j 
ciencies  because  of  the  scale,  and 
that’s  a  great  feeling.  But  you’re  also  j 
just  one  of  many,  and  that  can  be 
daunting.  It  took  longer  to  get  things  ! 


done.  Certain  aspects  of  Philip  Mor¬ 
ris  U.S.A.  are  very  efficient,  but  if 
you  want  to  turn  a  very  big  ship,  it 
can  take  a  little  time.  Here  [at 
PMMC],  when  you  need  to  get 
something  done,  we’re  small  enough 


that  you  can  walk  across  the  hall  and 
get  it  done  very  quickly.” 

What’s  the  biggest  misconception  about 
working  at  Philip  Morris?  “Everyone’s 
reactions  are  different,  but  for  the 
most  part,  people  don’t  know  what 
we  really  stand  for.  We’re  more  than 
just  a  tobacco  company.  We  own  the 
largest  food  company  in  North 
America  and  the  second-largest 
brewing  company  in  the  U.S.  So 
there  are  times  when  people  ask 
questions  that  are  negative,  but  that 
stems  from  the  fact  that  they  think 
we  are  a  one-product  company.” 

IT  training:  “Because  we  have  such  a 
wide  range  of  IT  initiatives,  there’s 
not  one  single  training  event  that 
everyone  does.  Near  and  dear  to  my 
heart  are  content-management  train¬ 
ing  and  XML  training.” 

IT  career  paths:  “There’s  not  a  formal 
path,  but  it’s  common  to  grow  your 
breadth  and  depth  of  technical  ex¬ 
pertise  with  different  business  expe¬ 
rience.  For  example,  I’ve  been  in  two 
operating  companies  in  six  years, 
and  I  hope  to  work  in  another.” 

Employee  reviews:  “We  have  a  formal 


review  yearly,  but  a  part  of  that  is 
having  regular  reviews  quarterly. 
Managers  are  encouraged  to  talk  to 
their  employees  throughout  the  year 
and  keep  the  lines  of  communication 
open.  Some  managers  do  reviews  as 
often  as  every  two  months.” 

Bonus  programs:  “There  are  merit 
programs  for  all  employees  across 
the  company.  There  are  no  IT- 
specific  bonus  programs.  Raises 
are  not  a  given,  and  bonuses  are 
not  universal.” 

Workday:  “We  start  be¬ 
tween  8  and  9  [a.m.]; 
most  people  are  typi¬ 
cally  in  the  office  10 
hours.” 

Dress  code:  “For  every¬ 
one  in  New  York,  it’s 
business.  We  wear 
suits,  even  in  IT.  The 
dress  code  for  different 
locations  varies  be¬ 
tween  business-casual 
and  business.” 

Security  badge/card 
needed  to  get  into  build- 
;  ing  or  office?  “Yes,  to  get  into  the 
;  building  and  on  every  floor.” 

j  Office  decor:  “We  have  fantastic  art. 
j  The  company  has  been  supporting 
I  the  arts  for  45  years  now,  and  in  the 
i  [lobby]  of  the  building,  we  keep  an 
I  exhibition  space  that  we  partner  on 
j  with  the  Whitney  Museum  of  Amer- 
j  ican  Art.  ” 

j  Other  on-site  amenities:  A  doctor’s  of- 
j  flee,  a  fitness  center,  a  hair  stylist,  a 
j  credit  union  and  a  company  store. 

I  Little  perks:  “We  have  lots  of  informal 
j  activities,  like  celebrating  birthdays, 
i  marriages,  births.  And  there  are  lots 
j  of  employee  discount  programs  — 
j  for  movie  tickets,  Broadway  shows, 
j  amusement  parks  and  Indy  car 
j  races.” 

j  The  last  word:  “In  the  first  10  to  12 
j  years  of  my  career,  I  had  to  jump 
j  ship  every  three  to  four  years  to  gain 
j  the  experience  I  wanted.  But  it’s 
I  hard  to  imagine  jumping  from  here, 
j  because  it’s  a  great  place  to  work 
j  and  you  get  to  touch  a  lot  of  differ- 
;  ent  technologies.” 

-  Leslie  Jaye  Goff 
;  lgoff§ix.netcom.com 
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Want  to  see  how  fast  a  company  can  deliver  the  most  unified, 
multi-channel  e-business  solutions  for  financial  services? 
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s  financial  companies  expand  across  banking,  insurance,  and  brokerage, 
there's  someone  equipped  to  deal  with  the  complexity.  Unisys.  Our  global 
experience  extends  deep  into  the  world  of  financial  services.  Rather  than 
giving  you  part  of  the  solution,  we  deliver  all  of  it,  unifying  your  back  office 
with  your  front  office.  We’ll  help  deploy  your  services  through  multiple 
channels,  from  mobile  and  iTV,  to  ATM,  branch,  call  center  and  the  Internet. 
As  your  strategic  partner,  we’ll  unify  everything  with  your  existing  legacy 
systems.  We’ve  done  it  before  and  we’re  ready  to  do  it  again  for  you. 

Visit  us  at  www.aheadforebusiness.com. 
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We  have  a  head  for 
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Dear  Career  Adviser: 

I  have  12  years  of  experience  in  all  aspects  of 
security,  plus  a  bachelor  of  science  degree  in 
computer  science,  an  MBA  and  an  MSCEfrom 
excellent  schools.  I  have  been  a  chief  technolo¬ 


gy  officer  twice  —  once  at  a  small  com¬ 
pany  for  four  years,  and  then  most  re¬ 
cently  at  a  large  company  for  just  one 
year. 

My  employer  has  merged  with  anoth¬ 
er  company,  and  the  merger  has  rede¬ 
fined  the  scope  of  my  position. 

I’d  like  to  move  to  another  major  com¬ 
pany  in  a  CTO-level  position,  with  the 


goal  of  moving  into  a  CEO  role.  But 
instead,  I’m  getting  more  offers  for  my 
technical  skills. 

—  Major-League  Player 

Dear  Major: 

Your  12  years  of  experience  are  pri¬ 
marily  in  technical  areas,  with  several 


short  hops  at  smaller  companies,  start¬ 
ups  and  universities.  That  contrasts 
with  your  most  recent  experience  of 
one  year  as  CTO  at  a  major  company. 

There  is  considerable  talent  avail¬ 
able  in  the  current  job  market  —  talent 
that  offers  both  more  business  experi¬ 
ence  and  more  consistent,  longer  stints 
at  fewer  large  companies  than  you  do. 
So  it’s  no  wonder  you’re  getting  more 
offers  for  your  technical  expertise  in 
security  rather  than  as  a  leader  of  an 
entire  business. 

You  might  prefer  to  skip  some  steps 
to  reach  your  goal  faster,  but  the  cur¬ 
rent  employment  market  won’t  allow 
you  to  leapfrog  like  you  could  have 
done  in  the  tighter  employment  mar¬ 
ket  just  a  year  ago. 

According  to  Tom  Thomas,  presi¬ 
dent  and  CEO  of  Haht  Commerce  Inc. 
in  Raleigh,  N.C.,  you’re  most  likely  to 
reach  a  top  slot  if  you  can  show  logical 
progression  in  your  ca¬ 
reer.  This  includes  career 
stability  that  involves 
working  your  way  into 
consistently  larger  roles 
at  one  company  where 
you  also  begin  to  influ¬ 
ence  the  business  as  a 
whole. 

You  might  consider 
joining  a  Big  5  consulting 
company,  eventually  be¬ 
coming  a  practice  leader. 

Then  take  on  a  senior 
management  role  within  a 
company. 

Alternatively,  you  could 
consider  joining  a  division  of  a  Fortune 
1,000  company  in  a  senior  technical 
role.  Then  you  could  work  your  way 
up  within  the  one  company,  perhaps 
becoming  the  president  of  a  division 
before  becoming  the  president/CEO  of 
either  that  overall  company  or  another 
organization.  Patience  and  planning 
are  requisite,  since  this  will  take  time. 


BRIEFS 


Food  for  Thought 

Perhaps  the  pressures  are  getting  too  great. 
Maybe  the  work  is  piling  up  too  much.  Possi¬ 
bly  nobody  likes  them  anymore.  Whatever  the 
reason,  IT  managers  definitely  need  to  get  out 
more  at  lunchtime.  A  new  survey  by  Manage¬ 
ment  Recruiters  International  Inc.  in  Cleve¬ 
land  finds  that  most  managers  now  spend  at 
least  one  day  a  week  eating  lunch  at  their 
desks.  Nearly  one-third  said  they  spend  three 


Dear  Career  Adviser: 

I  am  a  12-year  software  industry  tech¬ 
nical  writer  veteran  in  the  Midwest 
looking  for  a  new  home.  I  am  interested 
in  whether  companies  are  still  investing 
in  training  and  whether  opportunities  in 
training  might  be  something  for  me  to 
explore.  I  have  some  programming 
knowledge  and  expertise  in  writing 
product  and  user  documentation. 

—  Tech  Writer  to  training 

Dear  Tech  Writer: 

Training  investments  are  suffering 
in  today’s  economic  downturn.  But 
you  can  still  make  the  shift  if  you  have 
instructional  design  and  great  presen¬ 
tation  skills,  plus  deep  subject-matter 
expertise. 

Areas  in  which  demand  for  training 
is  strongest  include  wireless  IP  infra¬ 
structure  and  data  mobility,  optical 
networking  and  storage- 
area  networks,  counsels 
Eric  Goldfarb,  CIO  of  Glob¬ 
al  Knowledge,  a  training 
company  in  Cary,  N.C. 

The  more  knowledge¬ 
able  you  are  in  terms  of 
pure  technology,  the  faster 
you’ll  be  at  making  this 
switch. 

Seek  out  companies  with 
proprietary  technology 
that  have  multiple  audi¬ 
ences,  with  each  requiring 
training  as  a  core  part  of 
their  business,  notes  Randy 
Nelson,  Dean  of  Pixar  Uni¬ 
versity,  at  Pixar  Animation  Studios  in 
Emeryville,  Calif. 

Look  for  companies  that  need  to 
train  internal  developers,  external  de¬ 
velopers  and  end  users  in  software,  a 
tool  set  or  a  product  line,  advises  Nel¬ 
son.  Finally,  stay  away  from  companies 
that  put  training  far  from  the  true 
business  core.  I 


lonely  lunch  hours  at  their  desk  weekly.  And 
10%  have  no  lunch  life  at  all,  spending  every 
lunch  hour  at  their  desks. 


Too  Much  of  a  Techie? 

Not  possible,  said  many  CIOs  participating  in 
a  recent  study  by  Menlo  Park,  Calif.-based 
RHI  Consulting. 

When  asked  what  one  skill  area  they  would 
like  to  see  improved  in  their  IT  workers,  34% 
of  the  CIOs  polled  said  technical  skills,  23% 
said  project  management  skills,  13%  said 
verbal  and  written  communication  skills,  and 
10%  said  interpersonal  skills. 
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TECHNOLOGY 


THIS  WEEK 


CONTROLLED  ACCESS 

With  privacy  a  growing  concern, 
IT  managers  are  looking  to  closely 
manage  access  to  their  largest 
repositories  of  information:  data 
warehouses.  Good  tools  are  avail¬ 
able,  but  decisions  about  defining 
user  access  to  information  must 
come  first.  PAGE  44 


CRIMINAL  RECORDS 

A  Linux-based  document-imaging 
system  helps  the  Queens  County, 
N.Y.,  district  attorney  keep  track  of 
documentation  for  50,000  criminal 
cases  per  year  and  makes  them  eas¬ 
ily  accessible.  PAGE  46 


HANDS  ON 


Reviews  editor  Russell  Kay  offers  a 
roundup  of  gadgets  that  can  make 
life  easier  and  more  productive 
for  those  who  must  travel  with  a 
computer.  PAGE  48 


EMERGING  COMPANIES 

RLX’s  compact  blade  servers 
promise  to  cut  power  require¬ 
ments  and  conserve  space  in  Inter¬ 
net  data  centers.  But  the  competi¬ 
tion  could  be  stiff  as  Compaq  and 
other  industry  heavyweights  race 
to  catch  up  with  blade  servers  of 
their  own.  PAGE  51 


NICHOLAS  PETRELEY 


Let’s  Get  Organized 

I  HAVE  A  THEORY  ABOUT  WHY  we  aren’t  recovering  from  the  dot¬ 
com  implosion  as  quickly  as  we  ought  to  be.  Perhaps  it’s  just  myopia, 
but  I  blame  at  least  a  portion  of  our  economic  woes  on  the  disorgani¬ 
zation  of  information  on  the  Web  and  the  fact  that  the  current  state 
of  technology  doesn’t  deal  well  with  this  chaos. 


There’s  plenty  of  information  on  the  Web.  Once 
we  pass  the  threshold  where  information  is  truly 
accessible  to  the  masses,  the  Internet  will  become 
the  indispensible  foundation  of  our  future  economy. 

Tim  Berners-Lee  has  attempted  to  help  create  the 
kind  of  information  infrastructure  that  would  sup¬ 
port  such  a  future.  If  you  want  a  glimpse  of  what 
he  has  in  mind,  read  the  Scientific  American  article 
titled  “The  Semantic  Web,”  by  Berners-Lee,  James 
Hendler  and  Ora  Lassila  ( -www.sciam.com/2001/ 
0501issue/0501berners-lee.html ). 

The  article  begins  with  a  bit  of  a  science  fiction 
story  in  which  people  converse  with  Internet  appli¬ 
ances  the  way  the  astronauts  talked  to  the  HAL  9000 
computer  in  2001:  A  Space  Odyssey.  Why  is  it  science 
fiction?  We  have  adequate  speech-recognition  and 
synthesis  technology.  It’s  just  not  affordable  yet. 
What  we  really  lack  is  an  intelligent  structure  for  the 
way  we  store  information  on  the  Web  and  an  intelli¬ 
gent  way  to  interpret  and  retrieve  that  information. 

If  you  want  to  see  just  how  far  we  are  from  the 
goal,  try  this  sort  of  test  on  any  of  a  number  of  Web 
search  engines  that  accept  natural-language  queries. 
I  consider  the  site  Ask  Jeeves  ( www.ask.com )  to  be 
reasonably  good,  so  I  asked  it,  “What  is  the  Semantic 
Web?”  It  came  up  with  an  excellent  list  of  links. 

The  question  “What  are  the  long-term  side  effects 
of  phentermine  (a  weight-loss  medication)?”  may 
have  produced  some  starting  points,  but  it  didn’t 
give  me  a  link  with  a  direct  answer. 

But  Ask  Jeeves  failed  miserably  when  I  asked 
questions  like  “How  can  I  turn  on  TCP 
Syn  Cookie  support  in  the  Linux  kernel?” 
or  “What  was  the  name  of  the  ship  in  the 
movie  2001:  A  Space  Odyssey ?”  Yet  these 
are  extremely  specific  questions  contain¬ 
ing  all  the  information  necessary  to  find 
precise  answers. 

The  Semantic  Web  addresses  this  very 
issue.  It  applies  standards  like  XML  and 
the  Resource  Description  Framework 
(RDF)  to  the  way  we  store  and  categorize 
information  on  the  Web  in  order  to  make 
it  possible  to  interact  intelligently  with 
the  Web. 


NICHOLAS  PETRELEY  is  a 

computer  consultant  and 
author  in  Hayward,  Calif. 
He  can  be  reached  at 

nicholas@petreley.com. 


Now  don’t  get  me  wrong.  I’m  100%  gung-ho 
behind  XML,  RDF  or  any  other  acronym  that  might 
make  Web  information  more  accessible.  But  all  one 
has  to  do  to  sprinkle  some  reality  dust  on  this  fan¬ 
tasy  is  to  browse  through  a  few  XML  files.  What 
you’ll  find  are  the  limitations  of  the  standards  and 
of  the  humans  who  apply  them. 

For  example,  the  program  Evolution  by  Ximian 
Inc.  uses  an  XML  configuration  file  that  includes 
this  line:  “<entry  name=“path”  type=“string”  value= 
“2f7573722f62696e2f677067”/>.”  If  you  have  your 
secret  programmer  decoder  ring  on,  you’ll  know 
that  the  string  beginning  with  “2f”  is  the  hexadeci¬ 
mal  representation  of  the  ASCII  string  “/usr/bin/gpg.” 
But  if  you  didn’t  have  a  clue,  why  would  you  expect 
a  search  engine  to  do  any  better? 

Perhaps  that  is  a  poor  example,  because  a  well- 
designed  engine  should  understand  that  “0”  and 
“False”  are  the  same  Boolean  value.  And  it  might 
even  discern  the  difference  between  text  strings  and 
hexadecimal  ASCII.  But  if  there  is  ambiguity  among 
simple  data  types,  how  can  we  expect  XML  to  make 
it  easier  to  share  complex  data? 

The  problem  is  that  the  Extensible  in  XML  means 
we  get  to  make  up  stuff.  If  we  all  agreed  on  what  we 
made  up,  the  metatag  keywords  in  the  HTML  header 
on  your  Web  site  might  actually  mean  something. 

But  they  usually  don’t.  That’s  mostly  due  to  innocent 
differences  of  opinion. 

And  it  can  only  get  worse  if  some  hypothetical 
monopolistic  company  exploits  the  extensibility  of 
XML  to  make  its  data  more  accessible  to 
some  software  than  to  others. 

So,  is  there  any  hope?  Enter  the  RDF, 
another  piece  of  the  Semantic  Web.  We’ll 
examine  RDF  in  my  next  column  to  see 
if  it  can  do  what  XML  alone  can’t.  In 
the  meantime,  assuming  your  particular 
Linux  kernel  supports  the  feature,  you 
can  turn  on  Syn  Cookies  with  the  com¬ 
mand  “echo  1  >  /proc/sys/net/ipv4/tcp_ 
syncookies.”  And  the  name  of  the  ship  is 
Discovery.  Sorry,  but  I  don’t  know  any¬ 
thing  about  the  long-term  side  effects 
of  phentermine. » 
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ising  concerns  about  privacy 
mean  that  the  security  of  sensi¬ 
tive  information  such  as  medical 
and  financial  data  and  informa¬ 
tion  about  children  is  coming  un¬ 
der  tighter  scrutiny  these  days. 
And  this  is  forcing  IT  managers  to 
turn  their  attention  to  the  richest  repositories  of 
such  data:  their  data  warehouses. 

But  for  many  businesses,  just  defining  the  roles 
and  purposes  of  those  staffers  accessing  such  data 
can  be  daunting.  Consider  that  a  single  hospital  ad¬ 
mittance  could  result  in  a  patient’s  records  being 
viewed  by  more  than  150  people,  both  inside  and 
outside  the  hospital,  according  to  a  study  by  Pre¬ 
dictive  Systems  Inc.,  a  New  York-based  technology 
consulting  firm. 

Fortunately,  data  warehouse  software  and  the  ap¬ 
plications  that  serve  such  warehouses  are  relatively 
mature.  Database  software  can  define  access  down  to 
the  object  level.  And  tools  to  automate  user  account 
management  are  particularly  helpful  in  large  user 
environments. 

The  first  step  in  data  warehouse  security  is  defin¬ 
ing  what  data  needs  protecting,  which  can  be  more 
difficult  than  it  sounds,  according  to  IT  managers. 

“[Legislation]  talks  in  general  terms  about  what 


With  privacy  a  growing  concern,  IT 
managers  are  looKing  to  closely  manage 
access  to  their  largest  repositories  or 
information.  By  Deborah  Radcliff 


data  needs  protecting  and  provides  little  of  what 
kind  of  data  and  what  kind  of  protection  that  data 
needs,”  says  Mike  Hager,  vice  president  of  network 
security  and  disaster  recovery  at  New  York-based 
Oppenheimer  Funds  Inc.,  a  wholly  owned  subsidiary 
of  Massachusetts  Mutual  Insurance  Corp.  in  Spring- 
field,  Mass. 

The  key  to  passing  all  forms  of  regulatory  muster 
is  defining  “personally  identifiable  information”  and 
then  limiting  access  to  that  information  to  only  those 
with  a  need  to  know. 

For  example,  you  don’t  want  a  statistician  mining 
for  demographics  on  sexually  transmitted  diseases  to 
also  have  access  to  the  names  and  addresses  of  indi¬ 
vidual  patients  with  such  diseases.  Access  rights  to 
this  type  of  data  must  be  fine-grained  enough  that  a 
statistician  can  only  gather  broader  demographics 
like  age,  sex  or  region. 

And  that  means  defining  user  roles,  says  Hager. 
“The  real  key  here  is  being  able  to  define  who  has  ac¬ 
cess  to  what.  Without  a  role-based  security  model, 
there  is  no  way  of  accomplishing  this,”  he  says. 

It  took  Hager’s  team  six  months  to  define  the  roles 
of  Oppenheimer’s  2,500  users,  400  of  whom  require 
access  to  the  data  warehouse. 

“There’s  a  business  process  that  must  take  place 
before  you  can  automate  this,”  Hager  explains.  “You 
need  to  identify  group  and  individual  user  rights, 
which  we  did  by  going  over  [human  resources]  ac¬ 
counting  codes  and  then  going  to  business  units  and 
asking  everyone  to  justify  their  access  needs.  And 
now  they  must  also  fill  out  an  annual  review  form.” 

Tough  Questions 

Once  you  know  who  requires  access  to  the  ware¬ 
house,  it’s  time  to  measure  the  technical  controls 
around  those  users.  That  means  asking  some  tough 
questions: 

■  Are  access  controls  fine-grained  enough  to 
limit  personal-data  access  to  only  those  who  need 
to  know? 

■  Are  access-control  lists  current? 

■  How  is  access  to  personally  identifiable  informa¬ 
tion  kept  from  users  who  need  access  to  only  some 
of  the  data  in  a  particular  account? 

Relying  on  paper  records  stating  who  has  access  to 
data  makes  auditing  difficult  because  there’s  no  one 
place  to  see  who’s  accessing  what  and  for  what  pur¬ 
pose,  says  Hager.  And  if  you  can’t  figure  that  out,  he 
adds,  how  can  you  ensure  that  only  those  with  a  need 
to  know  see  just  the  data  they  need  to  do  their  jobs? 

“Say  a  health  care  inspector  walks  into  the  office 
and  says,  ‘Show  me  who  needs  access  to  this  priva¬ 
cy  data,  and  show  me  how  you  restrict  it.’  Ninety- 
nine  percent  of  companies  won’t  be  able  to  do  this 
because  they  only  have  bits  of  paper,”  Hager  says. 
“Administrators  just  grant  the  access  when  it’s  re¬ 
quested  on  a  piece  of  paper.  And  they  don’t  track 
these  permissions.” 

Hager  decided  that  he  needed  to  automate  this 
process,  so  he  chose  a  provisioning  rights  manage¬ 
ment  tool  from  Access360  in  Irvine,  Calif.  But  such 
tools  don’t  automatically  populate  themselves,  so 
Hager’s  team  first  had  to  define  user  roles  manually. 

But  now  that  user  privileges  have  been  populated 
into  the  Access360  product,  role-based  privileges  are 
automatically  updated  directly  from  the  human  re- 
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Privacy  Protection  in  and 
Around  the  Data  Warehouse 


BIG-IRON/LEGACY  SYSTEMS 

•  Traditional  access  controls 


APPLICATION  SERVER 

1  Patch/harden  operating  system  •  Authenticate 
user  at  the  application  layer 


” I 

FIREWALL/ROUTER 

1  Encrypt  data  for  transport 


FIREWALL/ROUTER 

1  Encrypt  data  for  transport 

iS _ J 


DATA  WAREHOUSE 

•  Role-based  security  and  permissions  •  Encryption  of  the  most  sensitive 
objects  for  additional  strength  (cumbersome  with  current  technologies)  • 
Patch/harden  operating  system  (with  third-party  kernel  encapsulation  from 
vendors  like  Argus  Systems)  •  Reauthentication  at  the  application  layer 


FIREWALL/ROUTER 

•  Encrypt  data  for  transport 


OTHER  ENTERPRISE  DATA  SOURCES 

•  Application-level  encryption  •  Patch/secure 
operating  systems 


sources  manager’s  desktop.  And  if  regulators  ask  for 
a  corporatewide  data  trail,  the  tool  will  produce  one 
on  demand. 

Currently,  Blue  Cross/Blue  Shield  of  North  Caroli¬ 
na  is  in  the  process  of  determining  the  roles  of  every 
person  accessing  its  data  warehouse,  says  Celia 
Fuller,  director  of  data  warehousing  at  the  Virginia 
offices  of  the  health  insurance  provider. 

Chapel  Hill,  N.C.-based  Blue  Cross/Blue  Shield 
is  also  planning  an  update  of  its  two-table  access- 
control  format  within  its  warehouse.  The  first  table 

KEY  AUDIT  QUESTIONS 

■  What  type  of  data  is  personal  and  sensitive 
in  nature? 

m  Where  is  that  data  stored? 

■  Who’s  looking  at  the  data? 

■  Which  employees  in  which  roles  need  to 
see  sensitive  data  to  do  their  jobs? 

■  Do  access  controls  limit  the  viewing  of  sen¬ 
sitive  information  to  only  those  people  with 
a  need  to  know  in  order  to  do  their  jobs? 

■  How  is  data  protected  from  crackers? 


FIREWALL/ROUTER 

•  Encrypt  data  for  transport 


WEB  SERVER 

•  Patch/harden  Web  server  software  •  Patch/harden  operating 
system  •  Turn  off  unused  vulnerable  services  and  ports  •  Strong 
user  authentication  (such  as  with  smart  cards  or  biometrics) 


includes  nonencrypted  data  that’s  accessible  only 
through  role-based  access  controls  built  in  SQL  na¬ 
tive  to  the  database  itself.  These  role-based  privi¬ 
leges  are  fine-grained  enough  to  determine  who  can 
read,  write  and  delete  specific  objects  in  the  ware¬ 
house,  says  Fuller. 

The  second  table  contains  data  encrypted  with 
proprietary  low-level  (30-  to  40-bit)  encryption,  re¬ 
quiring  a  second-level  paper  sign-off  by  management 
before  a  higher  level  of  authorization  is  granted. 

Database  developers  at  Blue  Cross/Blue  Shield  are 
now  working  out  ways  to  merge  all  of  the  data  back 
into  a  single  table  and  put  higher-level  encryption  on 
top  of  the  most  sensitive  data. 

Blue  Cross/Blue  Shield  is  encrypting  a  small  num¬ 
ber  of  fields,  so  key  management  isn’t  an  issue.  How¬ 
ever,  warehouses  with  large  users  bases  and  multiple 
fields  are  difficult  to  encrypt  because  of  key-manage¬ 
ment  problems,  say  experts. 

But  encrypting  data  in  the  warehouse  is  important, 
say  IT  professionals,  because  if  the  database  were 
compromised  by  disgruntled  employees  or  outside 
attackers,  the  data  itself  would  be  unreadable. 

Some  vendors  are  releasing  software  with  a  menu 
of  encryption  options  and  built-in  key  management 
that  they  say  should  make  database  encryption  easier 
in  the  near  future.  One  example  is  DbEncrypt  from 
New  York-based  Application  Security  Inc. 


“Database  access  controls  and  even  low-level 
encryption  are  useful,  but  how  do  you  manage  the 
keys  and  user  passwords  to  secure  those?  You  can’t 
take  a  file  and  encrypt  it  and  put  the  key  next  to  it. 
That’s  just  as  insecure  as  using  no  encryption  at 
all,”  says  Aaron  Newman,  chief  technology  officer 
at  Application  Security.  DbEncrypt  stores  keys  in 
hash-only  algorithms  that  can’t  be  read  or  tampered 
with,  he  says. 

Drawing  It  Out 

The  tools  that  pull  data  from  the  warehouse  also 
carry  additional  features  that  can  protect  very  fine¬ 
grained  data  sets,  something  that’s  particularly  im¬ 
portant  if  that  data  is  drawn  from  the  Web  by  large 
numbers  of  users. 

For  example,  Owens  &  Minor  Inc.,  a  Fortune  500 
hospital  supplies  distributor  in  Glen  Allen,  Va„  has  a 
mature  data  warehouse  called  Wisdom  in  which 
browser-enabled  customers  and  suppliers  can  ana¬ 
lyze  their  own  purchasing  and  sales  information  for 
potential  cost-reduction  areas  or  wasted  inventory. 
Because  the  application  is  Web-based,  it  was  impera¬ 
tive  that  customers  and  suppliers  be  prevented  from 
crossing  over  into  one  another’s  data,  says  Don 
Stoller,  director  of  information  management  at 
Owens  &  Minor. 

Stoller’s  team  engaged  security  feature  sets  in  its 
data  mining  software  from  San  Jose-based  Business 
Objects  SA  that  lock  together  individual  user  IDs 
and  their  associated  access  privileges  and  manages 
those  accounts,  along  with  native,  SQL-based  privi¬ 
lege  statements. 

So  when  users  log  in  to  Wisdom,  a  SQL  query 
checks  against  a  security  database  that  automatical¬ 
ly  builds  a  “where”  statement  to  the  log-in  account 
and  password.  The  “where”  statement  is  generated 
each  time  that  account  number  logs  in  and  only 
runs  the  data  associated  with  that  account  number 
and  password. 

As  businesses  move  a  greater  number  of  such 
data  mining  applications  to  the  Web  for  their  custo¬ 
mers  or  suppliers,  securing  the  surrounding  appli¬ 
cations  and  transport  layers  is  just  as  important  as 
securing  the  warehouse  controls  themselves,  says 
technology  strategy  consultant,  Stefan  John  Silver- 
man,  president  of  SJS  Associates  NA,  an  IT  devel¬ 
opment  firm  in  San  Francisco. 

For  example,  Silverman  oversaw  development  last 
year  of  a  new  medical  diagnostics  service  available 
to  patients  over  the  Internet.  That  meant  that  critical 
information  had  to  pass  from  legacy  systems  to  the 
data  warehouse,  to  a  Web  server  (upon  receiving  a 
user-initiated  SQL  query)  and  over  the  Internet. 

He  decided  that  the  only  way  to  do  this  was  to  en¬ 
crypt  everything  in  transport  and  on  the  servers,  cre¬ 
ate  a  firewall  for  each  transport  link,  authenticate 
user  IDs  and  access  rights  for  each  application  and 
data  set,  harden  each  machine’s  operating  system, 
and  transmit  over  the  Internet  using  Secure  Sockets 
Layer  browser-embedded  encryption. 

“Anything  that’s  Internet-accessible  is  scary,  espe¬ 
cially  if  it’s  medical  or  financial  data,”  Silverman 
says.  “If  personally  identifiable  medical  data  gets  on 
the  Internet,  it  could  impact  peoples’  lives,  their 
standing  in  the  community,  their  ability  to  get  insur¬ 
ance  or  even  employment.”  I 
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At  one  time, 
we  had  17  data 
entry  people. 
Now  we  have 
just  three. 

ROBERT  SCHLESINGER, 
DIRECTOR  OF  INFORMATION 
SERVICES,  QUEENS  COUNTY 
DISTRICT  ATTORNEY’S  OFFICE 


IN  QUEENS  COUNTY,  NY.,  the 
district  attorney’s  office  was 
running  out  of  storage  space 
as  fast  as  it  was  running  out 
of  money  to  rent  more.  Of  the 
19,500  cubic  feet  of  case 
records  storage  space  avail¬ 
able  to  the  office,  only  775  cubic  feet 
remained.  The  reasons  were  many:  an 
increase  in  the  number  of  prosecutions, 
an  increase  in  the  amount  of  paperwork 
associated  with  the  prosecutions  and 
the  reduced  availability  of  off-premises 
storage  space  in  New  York  City’s  ware¬ 
houses. 

The  finger-in-the-dike  answer  was 
to  accelerate  microfilming  of  closed 
case  records  to  gain  maximal  use  of 
the  dwindling  space.  The  office  also 
rented  temporary  warehouse  space  at 
$25,000  per  year,  using  money  it  would 
rather  have  spent  putting  criminals 
in  jail  than  papers  in  a  file.  Clearly,  a 
less  expensive  solution  was  needed. 
Besides  the  cash  outlay,  managing  a 
quarter-century’s  worth  of  closed  case 
records  stashed  at  a  half-dozen  sites 
was  time-consuming  and  inefficient. 

Many  of  New  York  City’s  agencies 
suffered  from  the  same  problem,  and 
they  were  all  scrambling  for  affordable 
answers.  Working  with  a  $100,000 
funding  allotment  from  the  state  gov¬ 
ernment,  the  district  attorney’s  office 
was  the  first  to  find  one.  Together  with 
custom  integrator  Image  Work  Tech¬ 
nology  Corp.  in  White  Plains,  N.Y.,  the 


47 


COMPUTERWORLD  October  1, 2001 


At  the  Queens  County  District  Attorney’s  Office,  keeping  track  of 
all  the  documents  associated  with  the  50,000  criminal  cases  it 
processes  each  year  is  a  family  affair.  There,  necessity  is  the 
mother  of  invention,  funding  is  the  father,  and  the  prodigal  child 
turns  out  to  be  a  penguin.  By  Howard  Millman 


office  tried  a  novel  approach.  It  used 
Linux  for  something  other  than  run¬ 
ning  Apache  Web  servers. 

“If  we  can  afford  it,  we  will  look  at 
any  promising  technology  to  solve 
problems,  even  if  it’s  not  mainstream,” 
said  Richard  A.  Brown,  the  district 
attorney. 

(Red)  Hat  in  Hand 

Using  Windows  NT  or  Windows 
2000  for  the  office’s  425  users  wasn’t 
something  the  office  could  afford. 

In  seeking  alternative  solutions. 
Brown  and  his  technical  staff  selected 
Red  Hat  Linux  6.0  from  Red  Hat  Inc.  in 
Research  Triangle  Park,  N.C.,  to  power 
a  newly  acquired  Dell  Computer  Corp. 
document  imaging  server.  Linux’s  ap¬ 
peal  stemmed  from  its  low  acquisition 
cost,  high  availability  and  the  tech  sup¬ 
port  staff’s  prior  familiarity  with  Data 
General’s  version  of  Unix. 

From  the  perspective  of  the  system’s 
users,  the  choice  of  Linux  was  transpar¬ 
ent.  Clients  are  Windows  98  machines 
that  use  Internet  Explorer  to  view  the 


imaging  files  stored  on  the  Dell  server. 
The  system  handles  85  to  100  inquiries 
per  day. 

The  document-scanning  and  image¬ 
storing  programs  are  custom  applica¬ 
tions  written  by  Image  Work.  The  scan¬ 
ning  repository,  built  on  top  of  IBM’s 
DB2  database,  communicates  with  the 
office’s  existing  case  record  database 
from  EMC  Corp.’s  Data  General  unit 
via  a  custom  Visual  Basic  interface. 
Data  General’s  database  and  the  Lin- 
ux/DB2  imaging  database  each  run  on 
independent,  interconnected  servers. 

Despite  the  potential  complexity  of 
integrating  the  Data  General  database 
and  the  DB2  database  plus  the  two 
custom  applications,  the  project  went 
flawlessly.  Almost. 

“One  of  the  very  few  technical  prob¬ 
lems  that  arose  with  the  Linux  OS  and 
the  custom  interface  stemmed  from 
Linux’s  tendency  to  leave  an  applica¬ 
tion  running  even  when  the  applica¬ 
tion’s  window  is  closed.  In  Windows, 
closing  the  window  usually  shuts 
down  the  application,”  said  a  much- 


enlightened  Kevin  Hansen,  Image- 
Work’s  president.  Until  Image  Work 
discovered  and  fixed  this  quirk,  users 
inadvertently  launched  multiple  copies 
of  the  Linux  database  and  experienced 
some  odd  results. 

On  Second  Thought 

Automating  manual  filing  processes 
provided  an  opportunity  to  update 
workflow  channels,  and  it  posed  a 
challenge.  Many  of  the  nontechnical 
problems  that  the  district  attorney’s 
tech  support  staff  and  ImageWork 
had  to  overcome  were  procedural.  For 
example,  they  needed  to  dynamically 
assemble  and  collate  multiple  copies  of 
each  case  record  each  time  the  records 
changed  so  prosecutors  had  access  to 
all  the  latest  data  all  of  the  time. 

“The  greatest  challenge  was  achiev¬ 
ing  common  definitions,”  says  Robert 
Schlesinger,  director  of  information 
services  at  the  district  attorney’s  office. 
He  says  tracking  an  average  of  50,000 
cases  per  year,  each  containing  five  to 
100  pages,  proves  a  Herculean  task. 

“Each  of  those  50,000  cases  usually 
consists  of  documents  that  affect  all 
the  defendants  arrested  on  the  related 
offense,”  he  explains.  “That  case 
record  must  keep  all  records  together, 
even  when  their  cases  are  eventually 
disposed  of  in  different  venues.” 

Through  planning,  testing  and 
retesting,  the  district  attorney’s  office 
and  ImageWork  created  a  system  that 
can  track  every  document  or  scanned 
image  that  belongs  in  a  case  record 
and  relate  them  to  one  another. 

The  district  attorney’s  office  keeps 
case  records  for  20  years.  With  the 
new  document  imaging  system  and  mi¬ 
crofilming,  officials  hope  to  gradually 
reduce  the  amount  of  paper  by  trans¬ 
forming  it  into  high-quality  replicas. 

Currently,  the  Linux  imaging  system 
holds  about  500GB  of  data.  That  in¬ 
cludes  scans  and  copies  of  all  1999  case 
records.  The  district  attorney’s  office 
is  now  entering  last  year’s  records.  Ed 
Prchlik,  the  office’s  director  of  system 
management,  predicts  that  storage  will 
reach  1TB  within  three  years. 

Schlesinger  says  that  the  office’s  goal 
is  to  increase  accuracy  and  save  time 
by  eliminating  the  need  to  key  in  data 


manually.  “At  one  time,  we  had  17  data 
entry  people,”  he  says.  “Now  we  have 
just  three.  That  makes  us  the  leading 
agency  for  data  sharing.”  Schlesinger 
heads  up  a  tech  support  group  consist¬ 
ing  of  seven  staffers  and  four  applica¬ 
tion  developers/designers. 

The  system  doesn’t  use  Linux  for 
security.  Instead,  when  a  user  signs 
in,  the  system  validates  his  rights,  and 
he  is  allowed  to  access  the  Linux  image 
server  as  well  as  the  case  records 
database.  All  connections  to  the  image 
server  must  first  pass  through  the 
office’s  database  security  system. 

What  do  the  users  and  technical 
support  staff  think  of  the  debugged 
system?  “I  believe  Linux  will  replace 
Unix,”  says  Prchlik.  “It’s  full-featured, 
reliable  and  fast.” 

That  could  be  sooner  than  later,  and 
Schlesinger  says  that  worries  him 
somewhat.  Although  the  hybrid  system 
is  operating  reliably  and  all  of  the  bugs 
are  apparently  out,  Schlesinger  isn’t 
ready  to  relax.  At  least  not  until  he 
learns  the  future  of  Data  General  in  the 
aftermath  of  its  1999  acquisition  by 
Hopkinton,  Mass.-based  EMC,  an  en¬ 
terprise  storage  provider. 

“Our  case  records  system  is  built  on 
Data  General’s  database  and  Unix.  I 
hope  they  stay  around  for  a  while,”  he 
says.  On  the  other  hand,  if  EMC  should 
stop  supporting  Data  General’s  legacy 
products,  Schlesinger  theorizes  that 
the  office’s  successful  adoption  of  Lin¬ 
ux  as  an  application  server  might  just 
be  the  first  step  of  a  two-step  journey. 

Claiming  that  there’s  “plenty  of 
interest,”  Schlesinger  has  fielded  in¬ 
quiries  about  Linux  from  other  mu¬ 
nicipal  and  law  enforcement  agencies 
statewide.  He  says  his  advice  to  them 
is  uniformly  straightforward:  “Build  on 
your  tech  staff’s  existing  knowledge. 
Only  undertake  a  project  like  this  if 
you  are  already  familiar  with  Unix, 
and  take  it  one  step  at  a  time.” 

Aside  from  the  pride  his  tech  sup¬ 
port  staff  exudes  over  the  system, 
how  do  the  office’s  support  staff  feel 
about  it? 

“To  me,  this  new  system  is  a  god¬ 
send.  I  leapt  out  of  my  chair  when  I 
first  heard  about  it,”  says  public  infor¬ 
mation  officer  Mary  DeBurbon.  “I 
can’t  tell  you  how  many  calls  I  get 
each  week  asking  about  old  cases. 

From  now  on,  I  can  keep  track  of 
every  crime  we  are  investigating.”  So 
move  over,  Batman;  Gotham  may  have 
just  discovered  a  new  symbol  of  law 
enforcement,  and  it’s  a  penguin.  > 


Millman  is  a  writer  and  consultant  in 
Croton,  N.Y. 
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For  a  checklist  of 
what  to  take  with 
you,  visit  our  Web 
site  at: 

www.computerwor1d.co<n/q?23255 


New  and  Neat 

One  of  the  niftiest 
products  I’ve  seen  in  a 
while  is  the  $20  FlyLight 
om  Kensington  Technology 
Group  in  San  Mateo,  Calif. 
This  small  LED  on  the  end  of 
a  bendable  cable  arm  plugs 
into  a  USB  port.  It  gives  just 
enough  light  so  you  can  easily 
use  the  keyboard  in  dark  sur¬ 
roundings  —  like  on  a  red-eye 
flight  —  but  it  hardly  adds  to 
the  battery  drain. 

Kensington  claims  that  the 
FlyLight  saps  just  90  seconds’ 
worth  of  power  per  hour  of 
battery  life.  The  only  compa¬ 
rable  device  I’ve  ever  seen  is 
the  little  lid-mounted  key¬ 
board  light  that  IBM  builds 
into  its  ThinkPad  models.  ft 


KENSINGTON’S  FLYLIGHT, 
a  small  LED  on  the  end 
of  a  bendable-cable  arm, 
provides  light  for  working 
in  dim  surroundings. 


IT’S  BEEN  A  WHILE  Since 
I’ve  written  about  travel¬ 
ers’  computing  needs, 
and  in  that  time,  a  steady 
stream  of  new  products 
has  appeared.  Many  of  these 
have  become  regular  travel 
companions  because  they 
solve  some  problem  for  me  — 
and  they  might  for  you,  too. 

This  week’s  installment 
deals  with  various  devices. 
Part  2,  which  will  appear  in  a 
month,  will  consider  how  you 
can  pack  and  carry  all  this 
gear.  In  between,  in  the  Oct.  15 


and  is  more  comfortable  to 
use  than  the  Targus  unit.  Its 
size  makes  it  usable  on  the 
palm-rest  portion  of  a  note¬ 
book  computer,  just  below  the 
keyboard.  As  with  all  mice, 
though,  it’s  important  to 
match  the  device’s  size  and 
shape  to  your  own  hand. 

Still,  my  preference  is  a  full- 
size  mouse.  My  current 
favorite  is  the  $69.95  cordless 
optical  MouseMan  from  Log¬ 
itech  Inc.  in  Fremont,  Calif. 
And  while  I’m  at  it,  I  always 
pack  along  a  mouse  pad  —  a 
very  thin  rubber  pad  that 
takes  up  very  little  space. 
Although  it’s  usually  easy 
enough  to  get  along  without  a 
mouse  pad,  especially  with  an 
optical  mouse,  it  can  make  a 
real  difference. 


USB  for  the  Rest  of  Us 

All  three  of  these  mice  are 
Universal  Serial  Bus  (USB) 
devices,  and  that  brings  up  an¬ 
other  necessary  item:  a  USB 
hub.  My  2-year-old  Dell  Lati¬ 
tude  laptop 


LOGITECH’S 
MouseMan 
full-size  cordless  optical  mouse  is 
easier  to  handle  than  some  small¬ 
er  models  made  for  travelers. 


has  just  a  single  USB  port. 
Most  newer  machines  have 
two,  and  I’ve  seen  a  couple 
with  three.  If  I  want  to  use 
more  than  one  USB  peripher¬ 
al,  I  need  help,  in  the  form  of 
an  extension  cord  for  data  in¬ 
stead  of  power  (although  USB 
carries  power,  too).  In  short,  I 
need  a  USB  hub. 

The  first  one  I  ever  used 
cost  $300  several  years  ago.  It 
was  a  heavy,  bulky,  metal- 
cased  affair.  Now  I  have  two 
much  smaller  units,  each  just 
half  the  size  of  an  eyeglass 
case.  These  four-port  mini 
USB  hubs  are  from  Targus 


(Model  No.  PA060U,  priced  at 
$49)  and  Compton,  Calif.- 
based  Belkin  Components 
(Model  No.  F5U007,  for  $60). 
One  or  the  other  goes  with  me 
on  every  trip. 

The  Targus  is  the  smaller  of 
the  two,  but  the  Belkin  offers 
stackability  (and  expansion) 
with  other  adapters  and  a 
choice  of  colors  via  slip-on 
covers.  Both  work  fine,  though 
I  found  the  Belkin’s  tight- 
fitting  cover  harder  to  use. 
With  either  hub,  it’s  important 
to  take  along  the  AC  power 
brick  because  many  USB  pe¬ 
ripherals,  including  optical 
mice,  draw  more  power  than 
the  hub  can  deliver. 

And  while  we’re  talking 
about  plugging  in,  Targus  has 
a  dandy  $120  Universal  AC 
Power  Supply  that’s  much 
lighter  than  many  of  those  that 
come  with  notebooks.  Using  a 
series  of  interchangeable  pow¬ 
er  tips,  the  single  unit  can 
power  many  different  brands 
and  models  of  notebooks  (not 
all  at  the  same  time,  of 
course).  It  comes  with  a  spe¬ 
cial  AC  plug  that  eliminates 
the  need  for  one  more  cord. 
Finally,  to  round  out  the 
power  story,  Targus  also 
makes  an  auto/airplane 
universal  power  adapter 
for  the  same  price. 


issue,  I’ll  discuss  personal 
backup  and  data  storage  for 
travelers. 


Mousing  Around 

I’m  a  dedicated  mouse  user. 

I  dislike  touchpads  of  any  sort, 
though  I’m  much  happier  with 
those  eraser-head-like  point¬ 
ing-stick  devices.  But  the  truth 
is,  I  always  pack  along  a 
mouse.  Until  recently,  that 
could  be  just  about  any 
old  mouse.  But  now 
there  are  some  excel¬ 
lent  choices  espe¬ 
cially  for  travelers. 

First  is  the  Optical 
Mini  Mouse  (Model  No. 
PAUM003U,  priced  at  $50), 
from  Anaheim,  Calif.-based 
Targus  Inc.  It’s  about  half  the 
size  of  a  normal  mouse  but  has 
all  of  the  standard  functions, 
including  a  scroll  wheel. 

I’ve  carried  this  several 
times.  Its  size,  however, 
can  make  it  somewhat  un¬ 
comfortable  to  use  for  long 
periods. 

But  I  also  like  one  that’s 
even  smaller.  The  $50  Super 
Mini  Optical  Mouse  from 
Tustin,  Calif. -based  Atek  Elec¬ 
tronics  Inc.  is  barely  half  the 
size  of  the  Targus,  meaning 
it’s  truly  tiny.  At  this  size, 
you  don’t  really  rest  your 
hand  on  it  as  you 
would  with  a  normal 
mouse;  instead, 
you  hold  and 
operate  it 
with  your 
Fingers.  For 
some  reason, 
this  fits  my 
hand  better 


The  Traveler’s 
Kit  Bag,  Part  1 

A  fresh  look  at  devices  and  computer  accessories 
that  can  make  working  on  the  road  less  onerous 
and  more  productive.  By  Russell  Kay 
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HOT  TRENDS  &  TECHNOLOGIES  IN  BRIEF 


Transaction  Processing 


BY  PETE  LOSHIN 

Yin  and  yang,  life 
and  death,  Clark 
Kent  and  Super¬ 
man.  Some  con¬ 
cepts  are  so  inter¬ 
twined  that  it’s  impossible  to 
imagine  one  without  the  other. 
Transaction  processing  (TP) 
and  relational  databases  [Tech¬ 
nology  QuickStudy,  Jan.  8] 
make  up  another  such  pairing. 

In  theory,  TP  can  happen 
without  a  relational  database, 
but  you  wouldn’t  want  to  try  it. 
And  you  could  do  a  relational 
database  without  TP,  but  you 
would  lose  one  of  the  benefits 
of  having  a  relational  database: 
the  ability  to  update  multiple 
tables  to  reflect  the  completion 
of  a  transaction. 

Systems  capable  of  doing  TP 
must  pass  the  ACID  test:  atom¬ 
icity,  consistency,  isolation  and 
durability.  Transactions  are 
atomic,  meaning  they  either 
happen  or  not.  If  one  account 
is  debited,  some  other  account 
must  be  credited. 

The  TP  system  must  always 
be  consistent  with  its  own 
rules.  No  transaction  can  hap¬ 
pen  if  errors  are  returned  as 
the  transaction  is  processed. 
For  example,  if  a  table  that 
must  be  updated  is  on  a  hard 
drive  that  is  inaccessible,  the 
transaction  fails. 

Isolating  transactions  means 
that  other  processes  never  see 
database  tables  in  an  interme¬ 
diate  state.  They  may  get  to 
see  what  the  database  looked 
like  before  or  after  the  trans¬ 
action,  but  not  during.  For 
example,  anyone  querying  an 
airline  reservation  system  for 
seating  will  see  all  seats  not 
reserved  at  that  moment.  But 
if  two  people  try  booking  the 
last  seat  on  tonight’s  red-eye 
at  the  same  time,  only  one  can 
succeed. 

Finally,  transactions  must  be 
durable,  meaning  that  once  the 
last  seat  is  reserved  and  the 
customer  receives  notification 
of  the  booking,  that  transaction 
is  permanently  recorded.  Even 


Results 


System  1 


System  2 


Storage  1 


Storage  2 


Global 

coordinator 


Phase  1 

O  Global  coordinator  noti¬ 
fies  systems  that  tables  1, 2, 3 
and  4  need  to  be  updated. 

©  Systems  check  every¬ 
thing,  including  their  storage 
devices,  to  make  sure  they 
are  ready  to  write  data  to  the 
tables  in  question,  with  both 
the  current  and  new  values 
accessible  but  no  changes 
made. 

©  Systems  notify  global 
coordinator  that  they  are 
ready  to  update  tables  or  not. 
If  any  system  is  not  able  to 
make  the  change,  it  notifies 
the  coordinator,  which  noti¬ 
fies  all  systems  that  the  trans¬ 
action  has  failed  and  the 
transaction  therefore  aborts. 

Phase  2, 
if  successful 

©  Global  coordinator,  on 
receiving  affirmation  from 
all  participating  systems 
about  all  tables  to  be  updat¬ 
ed,  notifies  all  systems  that 
they  can  update  their  tables. 

©  The  systems  update  their 
tables  and  report  status  to 
the  global  coordinator  (either 
success  or  failure). 

©  On  receipt  of  successful 
completion  of  the  updates 
to  all  the  tables,  the  global 
coordinator  can  report  back 
to  the  requesting  node  that 
the  transaction  has  been 
completed. 


DEFINITION 

Transaction  processing  is  the 

unambiguous  and  independent 
execution  of  a  set  of  operations 
on  data  in  a  relational  database, 
which  treats  that  set  of  actions 
as  a  single  event.  If  any  part  of 
the  transaction  process  fails,  the 
entire  transaction  fails  and  all 
participating  resources  are  rolled 
back  to  their  previous  state. 


if  the  system  was  hit  by  light¬ 
ning  after  the  transaction  was 
complete,  TP-capable  systems 
would  be  able  to  retrieve  it. 

Two-Phase  Commitment 

Relational  databases  are 
sometimes  defined  as  systems 
capable  of  doing  transaction 
processing  by  virtue  of  their 
ACID-support.  The  “two-phase 
commit”  (2PC)  protocol  is  a 
defining  characteristic  as  well 
as  a  key  mechanism  by  which 
the  transaction  is  enabled. 

In  the  first  phase  of  the  2PC, 
a  global  coordinator  notifies  all 
systems  in  the  transaction  that 
they  should  prepare  to  either 
commit  the  changes  required 
by  the  transaction  or  roll  back 
their  tables  to  their  previous 
state.  The  systems  involved 
notify  the  global  coordinator 
when  they’re  prepared  to  com¬ 
mit  the  transaction  or  that  they 
won’t  be  able  to  commit  the 
transaction.  If  a  system  doesn’t 
respond,  or  responds  with  an 
error,  the  global  coordinator 
will  abort  the  transaction  and 
notify  systems  to  roll  back  the 
changes. 

If  all  systems  are  go  for  the 
First  phase,  the  coordinator 
notifies  the  systems  to  begin 
the  commit  phase  by  writing 
all  changes  and  then  notifying 
the  coordinator.  The  transac¬ 
tion  is  completed  only  when  all 
systems  notify  the  coordinator 
that  the  changes  have  been 
committed;  if  any  errors  occur 
at  this  stage,  the  transaction 
will  be  canceled  and  all  partici¬ 
pants  are  required  to  roll  back 
changes.  (See  diagram.) 

Transaction  processing  is  a 
mature  technology,  as  are  the 
relational  database  and  the 
transaction  monitor  (see  box). 
All  were  introduced  in  the 
1960s  and  1970s,  as  large  data 
processing  shops  required 
mechanisms  for  reliably  au¬ 
tomating  transactions.  Over 
the  decades,  the  cost  of  sup¬ 
porting  TP  has  dropped  to  the 
point  at  which  almost  any  busi¬ 
ness  can  apply  it  profitably. 


Transaction 

Monitors 

The  global  coordinator  shouldn't 
be  confused  with  the  transaction 
monitor,  also  commonly  known 
as  transaction  processing  monitor 
software  or  the  transaction  server 
[Technology,  QuickStudy,  May  17, 
1999], 

Transaction  monitors  are  mid¬ 
dleware  programs  that  mediate 
between  clients  and  servers.  They 
optimize  database  performance 
by  acting  on  behalf  of  the  clients. 
Rather  than  have  every  client  open 
a  session  with  a  server,  the  clients 
connect  to  a  transaction  monitor 
which  queries  the  server  through 
its  own  session.  This  relieves  the 
server  from  the  chore  of  handling 
numerous  individual  sessions. 

First  introduced  in  the  1970s 
for  mainframe  systems,  transac¬ 
tion  monitors  were  reborn  in  the 
late  1990s  as  software  publishers 
rolled  out  new  versions  capable 
of  handling  online  transaction 
processing  systems  providing 
services  through  Web  servers. 

-  Pete  Loshin 


Today,  the  problems  of  dis¬ 
tributing  transactions  on  the 
Web  are  similar  to  the  prob¬ 
lems  of  distributing  them  on 
systems  with  disparate  data 
tables  spanning  multiple  tape 
and  disk  drives.  As  a  result, 
extending  TP  capabilities  to 
the  Internet  is  often  as  easy  as 
building  the  interface  and 
business  logic  for  an  applica¬ 
tion  on  an  existing  system.  And 
e-commerce  needs  effective  TP 
mechanisms.  Without  them, 
there  would  be  no  way  to  verify 
the  transactions  that  form  the 
basis  for  e-commerce.  I 


Loshin  is  a  freelance  writer  in 
Arlington,  Mass. 
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Proper  Testing  Key  to  VPN, 
Web  Site  Security  Efforts 


A  good  security  design  is  not  enough;  conducting 

the  right  tests  is  a  critical  last  step  before  launch 


BY  MATHIAS  THURMAN 

y  company’s  virtual 
private  network  (VPN) 
project  is  now  almost 
complete.  Last  week,  I 
received  word  that  the 
system  engineers  had  built  and  config¬ 
ured  the  Lightweight  Directory  Access 
Protocol  (LDAP)  servers  and  VPN 
gateways.  That  meant  it  was  time  to 
perform  final  security  testing,  so  I 
loaded  my  laptop  test  ma¬ 
chine  with  vulnerability 
assessment  tools  and 
headed  to  the  data  center. 

The  laptop  test  machine 
is  a  dual-boot  system  run¬ 
ning  Linux  and  Windows 
NT.  I  use  the  Linux  parti¬ 
tion  to  run  Nessus,  which 
is  a  very  good  (and  free) 
vulnerability  assessment 
tool,  and  to  compile  and 
run  exploits  that  I  down¬ 
load  from  the  Internet.  We 
are  using  Nortel  Networks 
Corp.’s  Contivity  as  our 
VPN  gateway  device,  and 
Solaris  2.7  as  the  LDAP 
server’s  operating  system, 
so  I  downloaded  a  few  So¬ 
laris  and  Nortel  exploits  from  the  Inter¬ 
net  to  test  for  common  vulnerabilities. 

That  sounds  scary,  but  I  felt  confi¬ 
dent  that  my  limited  programming  ex¬ 
perience  is  good  enough  to  recognize 
whether  the  downloaded  source  code 
has  any  back  doors,  is  malicious  or 
sends  data  to  some  third  party. 

I  used  the  NT  partition  to  run  the 
more  sophisticated  scanning  tools, 
such  as  Atlanta-based  Internet  Security 
Systems  Inc.’s  Internet  Scanner.  The  as¬ 
sessments  went  very  well.  Later,  I  plan 
to  incorporate  the  data  into  a  complete 
risk  document  and  present  it  to  the 
project  manager. 

Upon  returning  to  the  office,  I  had 
several  messages  from  the  program 
manager  responsible  for  e-business.  He 
was  concerned  about  the  security  of  the 
new  public  Web  site  we’re  building. 


The  site  is  a  work  of  art.  It  includes 
load  balancers,  content  servers  from 
Vignette  Corp.,  back-end  Microsoft 
SQL  Server  database  servers  and  an 
e-commerce  gateway  that  connects  to  a 
payment  authorization  service  over  a 
separate  private  circuit.  The  site  is  fully 
redundant,  from  the  servers  and  fire¬ 
walls  to  the  routers  and  switches.  But 
will  it  be  secure?  The  project  manager 
called  me  in  to  begin  the  testing  phase. 

Fortunately,  security  has 
been  part  of  the  design 
right  from  the  start.  The 
project  was  already  moving 
forward  when  I  came  on 
board,  but  the  project  man¬ 
ager  sought  me  out  to  re¬ 
view  the  design.  I  also  gave 
the  engineers  system-hard¬ 
ening  guidelines  when  they 
built  the  servers,  so  it  didn’t 
surprise  me  when  the  sub¬ 
sequent  vulnerability  as¬ 
sessment  came  back  with 
minimal  findings.  However, 
these  assessments  alone 
aren’t  sufficient  to  give  the 
Web  site  a  clean  bill  of 
health. 

The  problem  is  that  most 
commercial  vulnerability  assessment 
tools  only  check  for  specific  operating 
system  and  third-party  program  issues. 
They  cover  items  such  as  using  brute- 
force  methods  to  crack  an  authentica¬ 
tion  mechanism,  buffer  overflow  at¬ 
tempts,  and  configuration  errors  in 
programs  such  as  sendmail,  File  Trans¬ 
fer  Protocol  and  Berkeley  Internet 
Name  Domain.  What  they  don’t  check 
for  are  potential  weaknesses  in  the  in¬ 
teroperation  between  the  Web  server 
and  other  parts  of  the  infrastructure.  To 
fully  test  the  integrity  of  the  new  Web 
site,  we  need  to  conduct  an  application- 
level  vulnerability  assessment. 

This  is  a  fairly  new  type  of  assess¬ 
ment.  There  are  few  automated  tools 
that  you  can  use,  and  you  can’t  just 
point  and  click  at  the  Web  server  to 
gain  the  proper  insight. 


The  issues  are  complex.  For  example, 
consider  this  Web  address,  which  logs 
user  mthurman  on  to  a  Web  appli¬ 
cation:  https://someserver.com/cgi-bin/ 
logon/logon?=mthurman/ack/1045623/ 
custom.asp. 

What  would  happen  if  a  hacker  were 
to  replace  “mthurman”  with  “vince. 
tuesday”?  Would  the  application  redi¬ 
rect  the  attacker  back  to  the  original 
log-on  screen  to  force  the  proper  au¬ 
thentication?  Or  would  the  manipula¬ 
tion  let  the  attacker  bypass  authentica¬ 
tion  and  jump  into  the  account  of  an¬ 
other  user?  That’s  an  extremely  rudi¬ 
mentary  example,  but  there  are  scores 
of  possible  programming  and  permis¬ 
sion  glitches  that  could  allow  an  intrud¬ 
er  to  manipulate  a  Web  address  to  gain 
unauthorized  access. 

Since  there  are  many  issues  sur¬ 
rounding  Web-address  manipulation, 
and  because  this  is  an  area  where  my 
knowledge  is  a  bit  weak,  I  decided  to 
outsource  our  application-level  as¬ 
sessment.  The  problem  was,  I’ve  had 
only  limited  experience  in  hiring  a 
third  party  to  come  in  and  hack  into 
my  infrastructure.  So,  how  does  one  go 
about  choosing  a  vendor? 

Web  Search 

I  called  a  few  friends  and  profession¬ 
al  acquaintances  for  referrals,  but  no 
one  had  used  a  consultant  for  an  appli¬ 
cation  assessment.  So  I  resorted  to  a 
Web  search.  I  came  up  with  a  short  list 
of  three  local  vendors  and  then  called 
each  in  for  an  interview. 

One  of  my  requirements  in  choosing 
a  vendor  was  that  I  had  to  personally 
meet  the  people  who  would  perform 
the  assessment.  I  wanted  to  see  their 
backgrounds  and  certifications.  I  also 
requested  samples  of  their  vulnerabili¬ 
ty  reports  and  a  list  of  references.  Other 
than  that,  there’s  not  too  much  else  on 
which  to  judge  these  organizations. 

In  the  end,  I  figured  that  if  I  felt  com¬ 
fortable  with  the  personalities  and 
qualifications  of  the  individuals,  if  I 
liked  the  format  and  content  of  the  re¬ 
ports  and  if  reference  customers  had 
good  things  to  say  about  the  vendor, 
that  would  be  enough. 

Unfortunately,  of  the  three  compa¬ 
nies  we  interviewed,  only  one  provided 


SECURITY 

MANAGERS 

JOURNAL 


LINKS: 

www.homeport.org/-adam/ 
review.html  and 

www.freebsd.org/security/4spg : 

Security  managers  often  need  to  ensure 
that  program  code  is  reviewed  for  secu¬ 
rity  deficiencies  prior  to  deployment. 
Even  if  you’re  not  a  programmer,  you 
can  create  a  code  review  to  address 
this  issue  and  provide  that  document 
and  any  supporting  materials  to  your 
quality  assurance  or  engineering  de¬ 
partment.  The  links  above  should  help. 

www.sanctuminc.com:  Of  the  few 

application-scanning  tools  available,  my 
favorite  is  Santa  Clara,  Calif.-based 
Sanctum  Inc.’s  AppScan.  I  like  the  fact 
that  the  designers  have  spent  time 
building  actual  exploits  into  the  product. 

www.dwheeler.com/flawfinder/: 

Flawfinder  is  a  useful  open-source  tool 
for  scanning  source  code.  It’s  available 
for  free,  but  you’ll  need  Linux  to  run  it. 


all  of  the  requested  information.  But 
representatives  from  that  firm  were  ex¬ 
tremely  knowledgeable  and  had  nu¬ 
merous  technical  certifications,  in¬ 
cluding  the  well-respected  Certified 
Information  Systems  Security  Practi¬ 
tioner  certification.  They  passed  the 
nice-guy  test. 

The  reports  they  sent  appeared  to  be 
just  what  the  doctor  ordered.  They  con¬ 
tained  no  boilerplate  fluff  to  take  up 
page  space,  and  no  funky  graphics  or 
other  nonessential  materials  —  just  the 
data  needed  to  identify  and  mitigate  se¬ 
curity-related  findings.  That  was  hur¬ 
dle  No.  2. 

Then  I  called  three  of  the  10  refer¬ 
ences.  All  said  they  had  nothing  but  ex¬ 
emplary  experiences.  It  helped  that  I 
knew  one  of  the  references  personally. 
That  clinched  it. 

When  it  came  time  for  action,  the  as¬ 
sessment  team  provided  a  statement  of 
work,  and  we  agreed  upon  a  time  frame. 
We  gave  them  two  user  accounts  (no 
data  associated  with  the  accounts,  of 
course)  and  scheduled  a  commence¬ 
ment  date  of  next  week. 

Have  you  been  through  a  Web  appli¬ 
cation  security  assessment  before?  Did 
I  leave  anything  out?  If  so,  I  welcome 
your  comments  and  suggestions  in  the 
Security  Manager’s  Journal  forum.  I 


Qu£k 

Link© 


For  more  on  the  Security 
Manager's  Journal,  including  past 
journals,  visit: 

www.computerworid.com/q7q2000 


■  This  week's  journal  is  written  by  a  real  security  manager,  "Mathias  Thurman,"  whose  name  and  employer  have  been  disguised  for  obvious  reasons.  Contact  him  at  mthurman@hushmail.com  or  go  to  the  Security  Manager’s  Journal  forum. 
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RLX  Helps  Data  Centers 
With  Switch  to  Blades 


Its  high-density,  low-power  Web  server 
blades  can  improve  efficiency  and  cut  costs 


BY  LINDA  ROSENCRANCE 

WHEN  SCOTT 
Schedler, 
chief  finan¬ 
cial  officer 
at  financial 
Web  site  The  Motley  Fool  Inc., 
discovered  that  RLX  Technol¬ 
ogies  Inc.’s  new  blade  servers 
cut  costs  in  the  company’s  data 
center  by  60%,  he  did  the  hap¬ 
py  dance,  says  chief  technolo¬ 
gy  officer  Dwight  Gibbs. 

“We  had  some  issues  with 
our  setup,”  Gibbs  says.  “The 
footprint  in  the  data  center 
was  too  large,  and  the  [system] 
was  [using]  a  lot  of  power.  So 
we  decided  to  look  at  new 
technology  to  address  our 
problems.” 

Gibbs  says  start-up  RLX  was 
the  only  company  shipping 
server  blades  when  he  made 
his  decision.  Thus,  The  Wood¬ 
lands,  Texas-based  vendor 
leapt  ahead  of  industry  heavy¬ 
weights  Compaq  Computer 
Corp.  and  Hewlett-Packard  Co., 
which  have  announced  plans 
to  ship  similar  products  late 
this  year. 

On  the  Leading  Edge 

A  server  blade  is  a  complete 
computing  system  that  inte¬ 
grates  processors,  memory 
and  I/O  functions  on  a  single 
circuit  board.  Server  blades 
that  fit  into  the  RLX  System 
324  chassis  measure  just  4.7  in. 
high,  .58  in.  wide  and  14.7  in. 
deep.  RLX  uses  Santa  Clara, 
Calif.-based  Transmeta  Corp.’s 
low-power  Crusoe  micropro¬ 
cessor  in  its  design. 

Founded  last  year,  RLX  has 
already  garnered  $59  million  in 
funding  —  no  mean  feat  in  the 
current  market  —  and  has  a 
seasoned  management  team 
that  includes  Compaq  founder 
Gary  Stimac  as  CEO. 

RLX  is  focusing  first  on  the 
Web  server  market,  targeting 


Web  hosting  companies  and 
Internet  data  centers,  says 
Michael  Swavely,  president 
and  chief  operating  officer. 
RLX  claims  to  have  more  than 
a  dozen  customers  but  de¬ 


clines  to  name  them  for  com¬ 
petitive  reasons. 

RLX  can  fit  336  server  blades 
in  one  rack  vs.  42  in  a  standard 
configuration.  Each  blade  uses 
15  watts  of  power  at  peak  per¬ 
formance  (vs.  75  watts  for  a  tra¬ 
ditional  server)  and  delivers 
five  to  10  times  more  efficiency 
than  other  Web  servers,  says 
Swavely.  RLX’s  servers  gener¬ 


RLX  BOASTS  $59  million  in  funding  and  a  management  team  that 
includes  Compaq  veterans  Gary  Stimac  (left)  and  Mike  Swavely. 


ate  80%  less  heat  than  standard 
servers,  so  they  require  less  air 
conditioning  and  backup  pow¬ 
er,  in  part  because  of  the  Cru¬ 
soe  chip,  he  claims. 

Web  hosting  firms  and  Inter¬ 
net  data  centers,  including  In¬ 
ternet  service  providers,  appli¬ 
cation  service  providers,  host¬ 
ing  and  co-location  companies, 
content-distribution  compa¬ 
nies  and  online  businesses,  are 
prime  targets  for  RLX’s  server- 
blade  technology,  according  to 
Swavely. 


RLX  Technologies  Inc. 

ware  introduced 

Employees:  100  c°trinMlQg 

Rnrn  mnnpv  SFiQ 


25231  Grogan’s  Mill  Road 
Suite  600 

The  Woodlands,  Texas 
77380-2174 
(281)  863-2100 

Web:  www.rlxtechnologies.com 

Niche:  Ultrathin  rack-mounted 
blade  Web  servers  that  conserve 
power  and  space 

Company  officers: 

•  Gary  Stimac,  CEO 

•  Michael  Swavely,  president 
and  COO 

•  Mike  Perez,  vice  president  of 
technology 

•  Christopher  Hipp,  chief  technolo¬ 
gy  officer  and  co-founder 

Milestones: 

•  November  2000:  Company 
founded 

•May  2001:  RLX  System  324 
Web  server  ships 

•  September  2001:  RLX  Control 
Tower  server  management  soft- 


X* 


Burn  money:  $59 

million  from  Soros  Pri-  f 

vate  Equity  Partners  LLC, 

IBM,  Ignition  Corp.,  Sternhill 
Partners,  ComVentures  and  RLX’s 
management  team 

Products/pricing:  An  RLX  Sys¬ 
tem  324  chassis  with  six  Server- 
Blades  is  $6,999;  a  full  chassis 
with  24  ServerBlades  is  $26,511, 
including  management  software. 

Customers:  The  Motley  Fool, 
plus  more  than  a  dozen  others 

Partners:  Transmeta,  Microsoft 
Corp.  and  Red  Hat  Inc. 

Red  flags  for  IT: 

•  RLX  may  lose  its  early  lead  once 
larger  competitors  ship  similar 
products  later  this  year. 

•  Its  initial  products  are  designed 
just  for  Web  server  functions. 


Cost-Cutters 

With  the  cost  of  data  centers 
averaging  $300  per  square 
foot,  firms  like  New  York- 
based  The  Motley  Fool  are  try¬ 
ing  to  figure  out  how  to  fit 
more  servers  into  less  space, 
trim  operating  costs  and  in¬ 
crease  revenue  per  square  foot 
while  still  satisfying  the  needs 
of  users. 

And  because  of  increased 
energy  prices,  these  business¬ 
es  are  also  under  pressure  to 
decrease  power  consumption. 
As  far  as  The  Motley  Fool  is 
concerned,  RLX’s  new  servers 
did  just  that,  Gibbs  says. 

“Using  these  servers  allows 
us  to  shrink  our  footprint  [in 
the  data  center]  and  put  more 
pUT£  CPUs  in  a  smaller  space,” 
Gibbs  says.  “So  if  we  can 
decrease  the  square 
footage  and  lower 
power  use,  we  can  de¬ 
crease  our  costs.  And 
the  pricing  is  also  very 
attractive.” 

RLX’s  servers  are  also 
easier  to  maintain  than  others, 
according  to  Gibbs. 

“There’s  not  a  whole  lot  of 
spare  parts,”  he  says.  “And 
we  need  less  manpower  [to 
maintain  them].  With  two 
[rounds  of]  layoffs,  that  was 
important.” 

RLX  will  face  competition 
from  larger,  more  established 
server  vendors  by  year’s  end, 
but  the  blade-server  pioneer 
says  it  isn’t  standing  still. 
“RLX  is  already  planning  sec¬ 
ond-generation  solutions,”  re¬ 
ports  RLX  spokesman  Bob 
Beach. 

Time  will  tell  whether  inno¬ 
vation  will  be  enough  to  keep 
RLX  ahead  of  the  server  indus¬ 
try’s  leaders.  ► 
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Leading  the  Pack 


Framingham,  Mass.-based  IDC  expects 
2001  to  be  the  year  ultrathin  server 
blades  gain  acceptance  in  the  market. 
But  while  other  hardware  vendors  say 
they’re  planning  to  ship  such  products, 
RLX  was  the  first  to  do  so,  says  IDC  ana¬ 
lyst  Mark  Melenovsky. 

“RLX  moved  quickly  with  the  RLX 
System  324  Web  server  to  address  the 
growing  demand,"  says  IDC  analyst 
John  Humphreys.  “With  its  focus  on  Web 
hosting  companies  and  Internet  data 
centers  -  and  the  fact  that  it  alleviates  the 
critical  density  and  power  issues  facing 
these  customers  -  RLX  has  positioned  it¬ 
self  as  a  leader  in  the  blade  market.” 

In  order  to  remain  a  leader,  RLX  must 
expand  its  product  beyond  Internet  data 
centers  and  Web  hosting  companies, 
says  Melenovsky. 

According  to  RLX  COO  Michael 
Swavely,  the  company’s  goal  is  to  build 
on  its  market  leadership  position  in  serv¬ 
er  blades  to  make  inroads  into  the  larger 
server  market. 

Although  no  other  company  is  yet 
shipping  a  server-blade  product  based 
on  a  low-power  chip,  RLX’s  potential 
competitors  include  the  following: 

Nexcom  International  Co. 

Taipei,  Taiwan 
www.nexcom.com 

Nexcom’s  HiServer  blade  servers,  which 
are  already  shipping,  function  as  Web, 
firewall,  e-mail  and  video-broadcasting 
servers.  However,  they  use  existing 
processors  from  Intel  Corp.  and  Cyrix 
Corp.  rather  than  low-power  chips. 

Compaq  Computer  Corp. 

www.compaq.com 

Compaq  and  chip  maker  Intel  are  build¬ 
ing  an  ultradense  server  code-named 
QuickBlade.  The  server  will  use  Intel’s 
new  Tualatin  ultralow-voltage  proces¬ 
sors  and  will  ship  later  this  year. 

Hewlett-Packard  Co. 

www.hp.com 

HP’s  blade  servers  are  scheduled  to 
ship  in  the  fourth  quarter.  HP  is  focusing 
the  design  of  its  blade  servers  around 
the  CompactPCI  architecture  and  will 
sell  them  to  telecommunications 
providers,  other  service  providers  and 
enterprises. 

-  Linda  Rosencrance 


IT  CAREERS 


Systems  &  Network  Consultant 

Analyze,  plan  &  specify  high¬ 
speed  data  networks  on  WinNT 
Server,  Novell  NetWare  Server, 
Citrix  Winframe  and  Microsoft 
Terminal  Server  with  Metaframe. 
Administer  multi-user  servers 
connected  to  thin  clients  and 
Wireless  Remote  Terminals, 
Perform  GroupWare  functions 
with  Lotus  Notes,  Domino  Serv¬ 
er,  Microsoft  Exchange  &  Novell 
Groupwise.  Design,  install, 
administer  &  monitor  local  & 
wide  area  TCP/IP  Networks  with 
Sniffer,  LAN  Diagnostic  Tools, 
Protocol  Analyzers,  LAN  Probes, 
LAN  Meters.  Compass  Protocols, 
R1P2,  IPX,  SNMP,  FDDI,  Bay 
Networks,  Routers,  Cisco  Routers, 
Hubs,  Switches.  Use  ATM,  Frame 
Relay  to  develop  application 
evolution  for  migrating  platforms 
&  media  for  network  devices. 
Install  &  configure  Network 
Access  Servers  &  SNA  gate¬ 
ways  under  Novell  Netware  & 
WinNT  &  develop  switched 
networks  with  Multiple  Servers, 
Disk  Duplexing,  Disk  Mirroring, 
Remote  terminals  on  Eicon  SNA 
LAN  Gateway,  Eicon  ICS  Server 
for  Novell  Netware.  Administer 
HP  Open  View  Node  Manager  to 
manage  the  Networks.  $62,000/ 
yr,  40hrs./wk.  B.S.  Comp.  Sc/App, 
Comp  Engg.  Math.,  Physics, 
Chemistry  or  Sc.  rel.  &  2  yrs. 
exp.  in  job  offered  or  rel.  field  or 
2  yrs.  related  exp.  as  a  Systems 
Engineer,  Network  Administrator. 
Exp.  in  rel.  occupations  must 
include  proven  ability  to  perform 
job  duties.  BS  or  foreign  equiv.  or 
MS  &  3  yrs.  exp.  in  Comp.  Science/ 
App,  Comp  Engg.,  Math.,  Physics, 
Chemistry  or  Sc.  rel.  acceptable. 
May  work  at  unanticipated  loca¬ 
tions  in  the  US.  Submit  resume 
to  North  Metro,  J.O.#  7012247, 
2943  N.  Druid  Hills  Rd.,  Atlanta, 
G  A  30329  or  the  nearest  Dept  of 
Labor  Field  Service  Office. 


Systems  Analyst  (multiple 
openings),  in  Englewood  CO. 
Resp.  incl.  analyzing  user 
requirements,  procedures,  and 
problems  to  improve  existing 
computer  applications.  Req. 
Bachelors  Degree  in  Comp. 
Science  or  Eng.;  2+  yrs  exp. 
in  computer  based  system 
development;  knowledge  of 
MS-DOS,  MS  Windows 
NT/2000,  Unix/Linux,  C/C++, 
Visual  Basic,  Fortran,  Java,  Java 
Script,  HTML,  DHTML,  XML, 
SQL,  TCP/IP.  HTTP,  and  SSL 
Fax  res.  602-438-8493 


COMPUTER/IT 

Senior  Programmer  Analyst. 
(Memphis,  Tennessee).  Requires 
a  Bachelor's  degree  or  equivalent 
foreign  education  in  Computer 
Science  or  Computer  Information 
Systems  and  2  years  of  experi¬ 
ence  in  the  job  offered  or  2  years 
of  experience  in  programming 
and  systems  analysis  for  VAX 
computer  systems.  All  stated 
experience  must  have  include 
developing  and  implementing  pro¬ 
grams  using  VAX  DCL  and  FOR¬ 
TRAN  on  VMS.  In  lieu  of  required 
Bachelor’s  degree,  will  accept  2 
years  of  university  level  credit  in 
any  scientific  or  technical  field 
and  2  additional  years  of  stated 
experience.  Engage  in  program¬ 
ming  and  systems  analysis  for 
VAX  computer  systems.  Use 
Virtual  Memory  System  (“VMS”) 
operating  system  with  respect  to 
VAX  computer  platform.  Develop 
and  implement  programs  using 
VAX  DCL  and  FORTRAN  on 
VMS.  Utilize  DECFORMS  to 
create  forms  within  a  VAX  envi¬ 
ronment.  Write  programs  using 
FORTRAN,  VAXDCL,  and  DEC- 
FORMS  which  retrieve  and  store 
information  onto  a  codasyl 
database.  40  hrs./wk.  8:00  am.  - 
5:00  p.m.  Salary  range:  $56,000/ 
yr.  to  $64,000/yr.  depending  on 
qualifications.  Send  resume  to 
International  Paper  Company, 
4100  Willow  Lake  Boulevard, 
Box  24,  Memphis,  Tennessee 


Programmer/Analyst:  4  Positions 
Job  requirements  include 
planning,  development,  testing  & 
documenting  software  applica¬ 
tions  using  programming  tech¬ 
niques  &  computer  systems; 
Formulate  requirements  based 
on  business  logic  and  user  input, 
consult  with  users  to  identify 
current  procedures  &  clarify 
program  objectives;  Implement 
applications  by  designing  and 
developing  websites  using  tools 
such  as  Visual  C++,  Visual  J++, 
COM/DCOM,  SERVLETS,  AP¬ 
PLETS,  CORBA.  Ml,  EJB, 
VISUAL  AGE,  J  BUILDER, 
JDBC,  ORACLE,  DB2, 
NETSCAPE  ENTERPRISE, 
WEB  SPHERE,  DNA  SERVER, 
MERCATOR,  ProC,  UNIX 
Scripting.  Salary:  $60,000/ 
annum.  40hrs/week,  in  Fort 
Lauderdale,  Required  BS 
Degree  in  Computer  Science  or 
equivalent  field  with  2  years  of 
work  experience. 

Programmer/Analyst:  2  Positions 
Seeking  a  JD  Edwards  Expert 
for  the  implementation  of 
conversion  from  Mass90  to  JD 
Edwards  One  World  Xe.  Other 
responsibilities  will  include  soft¬ 
ware  modifications,  customiza¬ 
tion,  reports  writing,  data  con¬ 
versions,  providing  hands  on 
training  and  support  to  the 
finance  staff  team.  Required 
skills  include  JD  Edwards,  and 
MS  Windows  2000.  JD  Edwards 
One  World  Xe  certification  is 
preferred.  Salary:  $60,000/ 
annum.  40hrs/week,  in  Fort 
Lauderdale.  Required  BS 
Degree  in  Science  or  Account¬ 
ing/Finance.  Must  also  have 
3  plus  years  experience  in 
Implementing  Financial  Systems. 

Mail/Fax  your  resume  to: 

A.  J.  Solutions,  Inc. 

5100  NW  33rd  Ave.,  Suite  249 
Ft.  Lauderdale,  FL  33309 
Fax:  954-730-7907 


PROGRAMMER  ANALYSTS 
required  for  our  Arlington  Heights 
office.  Design,  develop  and  main¬ 
tain  new  and  existing  software 
applications  using  Developer 
2000,  Designer  2000,  Visual 
Basic,  Oracle,  Cobol,  C++,  Erwin 
and  object  oriented  design 
Develop  and  implement  client/ 
server  applications  in  oracle 
financials  and  using  synchro¬ 
nization  techniques  in  Oracle 
tools  such  as  PL/SQL,  Developer 
2000  and  designer  2000;  write 
source  codes  based  on  design 
specifications,  research  feasibility 
of  new  products/features  and 
add  new  features  as  requested 
by  clients;  perform  unit,  system 
and  integration  testing  before 
release  and  correct  bugs;  Develop 
relational  database  system  in 
oracle,  Visual  Basic  and  Windows, 
Unix  environment.  Bachelors 
Degree  required  in  Math, 
Computers,  Engineering  or  any 
other  related  field  of  study  plus 
two  (2)  yrs  of  experience  in  the 
job  described  above.  40  hrs/wk. 
Must  have  proof  of  legal  authority 
to  work  permanently  in  the  U.S. 
Please  send  resume  and  cover 
letter  to  HR  Manager,  Terasoft 
International,  Inc.,  2015,  S. 
Arlington  Heights  Road,  #114, 
Arlington  Heights,  IL60005. 


DIRECTOR,  INFORMATION 
TECHNOLOGY  OPERATIONS 

TrizecHahn  Office  Properties,  Inc., 
seeks  a  Director,  Information 
Technology  Operations,  who  will 
develop,  organize,  plan,  and 
support  all  functions  of  IT 
Operations,  including  telecom¬ 
munications  and  system  design, 
programming,  installation,  oper¬ 
ation,  hiring,  and  system  main¬ 
tenance. 

Requirements:  The  candidate 
must  possess  a  related  Bachelor's 
Degree  and  six  years  of  related 
experience,  including  accounting 
financial  systems  conversion. 
Virtual  Private  Network  develop¬ 
ment  and  mobile  workforce  sup¬ 
port,  and  recruitment  of  systems 
managers  and  team  development. 

Please  fax  resumes  to  M.  Phelan 
(312)  466-9772. 


Banking 

MBNA  Hallmark  Information 
Services,  a  subsidiary  of  MBNA, 
the  world's  largest  independent 
credit  card  issuer,  is  accepting 
applications  for  several  Lead 
Database  Engineering  positions 

Duties:  Direct  a  project  team  by 
providing  technical  expertise 
and  leadership.  Ensure  that 
related  database  projects  comply 
with  overall  division  strategies 
and  goals  while  consistently 
prioritizing  the  workflow.  Prepare, 
execute,  and  evaluate  project 
plans,  proposals,  and  timelines. 
Conduct  long-range  planning 
sessions  to  identify  new  database 
products  to  enhance  the  envi¬ 
ronment. 

Requirements:  At  least  five  (5) 
years  of  progressive  experience 
in  database  development  and 
maintenance  and  a  four-year 
college  degree  or  equivalent 
technical  education.  Experience 
with  Unix  and  NT  operating 
systems  and  database  and/or 
application  development  software. 
Minimum  of  four  years  experi¬ 
ence  with  Sybase,  Informix, 
Oracle,  or  a  related  relational 
database. 

Please  forward  your  resume  and 
a  cover  letter,  referencing  source 
code  YNA991 267A,  to  Ms.  Sharon 
Alexander,  MBNA  Hallmark 
Information  Services,  1 1 00  North 
King  Street,  Wilmington,  DE 
1 9884-2234.  We  are  a  voluntary 
Equal  Opportunity/Affirmative 
Action  Employer,  M/F/D/V. 


JUNIOR  PROGRAMMER/ 
ANALYST  to  analyze,  design, 
develop,  implement,  and  maintain 
web-based  e-commerce  appli¬ 
cation  software  in  a  client/server 
environment  using  Object  Orient¬ 
ed  technologies,  C++.  Java, 
CORBA,  Orbix,  Oracle,  and  TCP/ 
IP  under  SUN  Solaris,  UNIX, 
Linux,  and  Windows  NT/2000 
operating  systems;  Perform  duties 
under  close  supervision  of  project 
director  to  ensure  accuracy  and 
that  project  progresses  according 
to  prescribed  instructions  and 
expected  results  are  met.  Require: 
B.S.  degree  in  Computer  Science, 
an  Engineering  discipline,  or  a 
closely  related  field  with  one 
year  of  experience  in  the  job 
offered.  Extensive  travel  on 
assignment  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered. 
Apply  by  resume  to:  Vishy 
Dasari,  President,  Objectnet 
Technologies,  Inc.,  1117 
Perimeter  Center  West,  #N402, 
Atlanta,  GA  30338;  Attn:  Job  SK. 


Applications  Database  Adminis¬ 
trator:  Analyze,  design,  develop 
and  test  software  programs, 
stored  procedures  and  reports 
for  financial  business  solutions 
using  MF  COBOL,  embedded 
SQL,  C  and  PL/SQL.  Monitor 
processes  using  UNIX  scripting 
and  scheduling.  Conduct  appli¬ 
cation  version  management  and 
distribution  management  of 
multiple  databases  including 
optimization  of  database  perfor¬ 
mance,  maintenance  of  data¬ 
base  security  and  integrity. 
Sal:$53,000/yr.(overtime  exempt); 
37.5  hrs/wk.,  8:30  am  -  4:45  pm 
Mon-Fri.  Requirements:  Bache¬ 
lor's  degree  in  Computer  Science 
or  Mathematics  and  1  year  exp. 
in  job  offered  or  as  a  Programmer 
Analyst.  1  year  exp.  must  include 
use  of  C,  PL/SQL  and  MF 
COBOL.  Location:  Chicago,  IL 
Loop.  Applicants  must  show 
proof  of  legal  authority  to  work  in 
the  U.S.  To  apply  send  2  copies 
of  both  resume  and  cover  letter 
to:  Illinois  Dept,  of  Employment 
Security,  401  S.  State  St.,  7 
North,  Chicago,  IL  60605,  Attn: 
Lydia  Clarke,  Reference  #V-IL 
28522-E.  An  employer  paid  ad. 


COMPUTER/IT 

SAP  Developer  (Memphis,  Ten¬ 
nessee).  Requires  a  Bachelor’s 
degree  (or  higher)  or  equivalent 
foreign  education  in  Computer 
Science,  Engineering,  Business 
Administration,  or  Management 
Information  Systems,  and  2 
years’  experience  in  the  job 
offered  or  2  years'  experience  in 
ABAP/4  programming  in  Human 
Resources  module  including 
payroll  clusters  and  benefits 
administration  using  Screen- 
Painter.  Experience  must  have 
included  1  year’s  work  with  each 
of  the  following.  WORKPLACE 
including  ESS  and  ITS;  and 
SMARTFORMS.  Engage  in 
ABAP/4  programming  in  Human 
Resources  module  including 
payroll  clusters  and  benefits 
administration  using  Screen- 
Painter  and  SMARTFORMS. 
Engage  in  programming  in 
WORKPLACE  including 
employee  self-service  (ESS)  and 
internet  transaction  server  (ITS). 
Tune  reports  using  ABAP  per¬ 
formance  tuning  techniques  and 
code  reviews  and  maximize 
efficiency  of  SAP  Oracle  data¬ 
base  environment.  Troubleshoot 
problems  in  SAP  human  re¬ 
sources,  payroll,  and  workplace 
processes.  40  hrs./wk/  8:00- 
5:00.  Salary  range:  $70,000/yr. 
to  $78,000/yr.  depending  on 
qualifications.  Apply  with  resume 
to:  International  Paper  Company, 
4100  Willow  Lake  Boulevard, 
Box  24,  Memphis,  Tennessee 
38118. 


Multiple  openings  for  IT  profes¬ 
sionals  with  industry  exp.  (various 
skills  combination  reqd.)  in  VC++, 
SQR,  HP-Unix,  Pro*C,  HP-9000, 
Oracle  7.x,  DRS  6000/Unix 
SVR4.2  etc.  Some  positions 
require  MS  or  equiv.  CS,  Comp. 
Engg.,  Bus.  Admin,  or  rel.  field. 
Others  require  BS  or  equiv.  as 
above.  Pay  matching  exp.  Foreign 
educ.  equiv  &/or  combination 
of  educ/exp.  accepted.  Travel/ 
relocation  reqd.  Resume  & 
salary  expectations  to  Data 
Dynamics,  Inc.,  4195  Regency 
Park  Ct„  Atlanta,  GA  30341. 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer 
programs  for  business  applica¬ 
tions;  analyze  software  require¬ 
ments  to  determine  feasibility 
of  design;  direct  software  system 
testing  procedures  using  expertise 
in  Java,  Oracle  and  JavaScript. 
Requirements:  Bachelor's  Degree 
or  equivalent  in  Computer  Science 
or  related  field  and  two  years 
experience  as  a  software  engi¬ 
neer  or  computer  programmer, 
knowledge  of  Java,  Oracle  and 
JavaScript.  Salary:  $66,000/ 
year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours/ 
week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Manager,  Westmoreland  County 
CareerLink,  300  East  Hillis 
Street,  Youngwood,  PA  15697- 
1 808,  Job  No.  WEB1 99678. 


QA  Manager 

Houghton  Mifflin  Company  is 
seeking  a  Manager,  Information 
Technology  Quality  Assurance, 
for  our  Boston,  Massachusetts 
office,  who  will  be  responsible  for 
providing  quality  assurance  for 
Houghton  Mifflin  Company  IT 
systems.  The  incumbent  will  re¬ 
search,  design,  and  develop 
a  quality  assurance  process  to 
support  Houghton  Mifflin  Com¬ 
pany  information  and  technolo¬ 
gies.  Send  resumes  to:  Nicole 
Sherman,  Houghton  Mifflin 
Company,  222  Berkeley  Street, 
Boston,  MA  02116;  Fax:  (617) 
351-1 1 06  or  email:  Nicole_Sher- 
man@hmco.com.  Houghton  Mif¬ 
flin  Company  has  a  strong  and 
proud  commitment  to  diversity. 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop,  imple¬ 
ment,  and  maintain  web-based 
application  software  in  a  client/ 
server  environment  using  Object 
Oriented  techniques,  ASP,  VB 
Script,  Java  Script,  HTML,  Visual 
Interdev,  VisualBasic,  SQLServ¬ 
er,  Oracle,  and  Crystal  Reports 
under  Windows  95/98/NT/2000 
operating  systems.  Require: 
Bachelor's  degree  in  Computer 
Science/Engineering,  Business 
Administration,  or  a  closely 
related  field  with  two  of  years 
experience  in  the  job  offered  or 
as  Programmer.  Extensive  travel 
on  assignment  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered.  Apply 
by  resume  to:  Vishy  Dasari, 
President,  Objectnet  Technolo¬ 
gies,  Inc.,  1117  Perimeter  Center 
West,  #N402,  Atlanta,  GA 
30338;  Job  VR. 


SOFTWARE  ENGINEER 

Software  engineer  to  design, 
develop  and  test  computer 
programs  for  business  applica¬ 
tions;  analyze  software  require¬ 
ments  to  determine  feasibility 
of  design;  direct  software  system 
testing  procedures  using 
expertise  in  C++,  Sybase  and 
JSR  Requirements:  Bachelor's 
Degree  or  equivalent  in 
Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or 
computer  programmer,  knowl¬ 
edge  of  C++,  Sybase  and  JSP. 
Salary:  $66, 000/year.  Working 
Conditions:  8:00  A.M.  to  5:00 
P.M.,  40  hours/week,  involves 
extensive  travel  and  frequent 
relocation.  Apply:  Manager, 
Indiana  Job  Center,  350 
North  Fourth  Street,  Indiana, 
PA  15701-2000,  Job  No. 
WEB1 99691. 


COMPUTER/IT 

Development  Manager  (White 
Plains,  New  York)-  Requires 
Bachelor’s  degree  (or  equiv. 
foreign  educ.)  in  Computer 
Science,  Computer  Eng.,  or 
Electronics  Eng.  &  4  years  of 
exp.  in  the  job  offered  or  4  years 
of  exp.  developing  information 
mgmt.  systems  for  investment 
mgmt.  &  brokerage  operations. 
Exp.  must  include  2  years  exp. 
in  each  of  the  following:  use  of 
Nomad  on  VM/CMS  operating 
system;  Delphi  2.0;  ADP's  BPS 
&  PSR  systems;  &  Bottomline’s 
Paybase  system.  (Exp.  may,  but 
need  not  be,  concurrent.)  Manage 
team  of  developers  &  database 
administrators  to  develop,  imple¬ 
ment,  &  maintain  cash  mgmt., 
trade  processing,  &  operations 
mgmt.  computer  systems.  40 
hrs./wk.  8:30  a.m.  -  5:30  p.m. 
Apply  with  resume  to:  Alliance 
Capital  Management  L.P.,  Attn: 
Karen  Mooney,  1 345  Avenue  of 
the  Americas,  46th  Floor,  New 
York,  New  York  10105. 
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IT  CAREERS 


Systems  Analyst.  Duties:  Analyze, 
design,  develop  &  implement 
business  requirements  for 
computer  system  database  for 
credit  card  consumer  lending 
ind.  using  Capstone  software. 
Perform  data  mapping  &  database 
tables  using  Oracle.  Perform 
online  system  testing  using 
Capstone.  Perform  maint.  & 
provide  support  for  system. 
Requires:  B.S.  (or  foreign  equiv.) 
in  Comp,  or  Info.  Sci  .  Bus. 
Admin.,  Eng.  or  related  field  &  2 
yrs  exp.  in  the  job  offered  or  2 
yrs.  exp.  as  a  Consultant.  Con¬ 
current  exp.  must  incl.  2  yrs.  exp. 
analyzing  business  require¬ 
ments  for  computer  systems  &  2 
yrs.  exp.  using  Oracle.  EOE.  40 
hrsVwk;  8:00  a  m.  to  5:00  p.m. 
Send  resume  (no  calls)  to: 
Amy  Quinn,  CTG,  Inc..  9432 
Baymeadows  Rd.,  Suite  240, 
Jacksonville,  FL  32256-7988. 

PeopleSoft  Senior  Consultant. 
Job  location:  Chicago,  IL.  Duties: 
Analyze,  design,  develop  & 
implement  software  solutions  for 
PeopleSoft  HR  modules  using 
SQR,  PeopleCode  &  SQL 
Perform  application  design,  set-up 
&  testing  using  PeopleSoft, 
Visual  Basic  &  Oracle  database. 
Perform  troubleshooting  of  system 
&  provide  post-prod  support. 
Requires:  M.S.  in  Comp,  or  Info 
Sci.,  Eng.,  or  related  field  &  1  yr. 
exp.  in  the  job  offered  or  1  yr.  exp 
as  a  Consultant,  Software  Eng. 
or  Developer.  Concurrent  exp. 
must  incl.  1  yr.  exp.  designing, 
developing  &  implementing 
PeopleSoft  modules  &  1  yr.  exp. 
using  PeopleSoft.  EOE.  40 
hrs./wk.;  8:00  a.m.  to  5:00  p.m. 
Send  resume  (no  calls)  to:  Diane 
Tuccito,  AnswerThink,  Inc.,  817 
W.  Peachtree  St.,  Ste.  800, 
Atlanta,  GA  30308.  Must  have 
legal  auth.  to  work  in  U.S. 

COMPUTER/IT 

Programmer  Analyst  (White 
Plains,  New  York)-  Requires 
Bachelor's  degree  (or  equiv. 
foreign  educ.)  in  Mathematics, 
Computer  Eng.,  or  Computer 
Science  &  3  years  of  exp.  in  the 
job  offered  or  3  years  of  exp.  as 
a  systems  developer,  systems 
programmer  analyst,  or 
programmer  analyst.  Exp.  must 
include  6  months  in  the  financial 
services  industry  in  any  capacity; 

&  6  months  using  Delphi  2.0. 
Visual  Basic,  &  SQL.  (Exp.  may. 
but  need  not  be,  concurrent.)  40 
hrs./wk.  8:30  a.m.  -  5:30  p.m. 
Apply  with  resume  to:  Alliance 
Capital  Management  L.P..  Attn: 
Karen  Mooney,  1 345  Avenue  of 
the  Americas,  46th  Floor,  New 
York,  New  York  1 01 05. 

SOFTWARE  ENGINEER 
Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise 
in  JavaScript,  DB2,  PL/SQL. 
Requirements:  Bachelor's  Degree 
or  equivalent  in  Computer  Science 
or  related  field  and  two  years 
experience  as  a  software  engineer 
or  computer  programmer, 
knowledge  of  JavaScript,  DB2, 
PL/SQL.  Salary:  $66,000/year. 
Working  Conditions:  8:00  A  M.  to 
5:00  RM„  40  hours/week,  involves 
extensive  travel  and  frequent 
relocation.  Apply:  Manager, 
Indiana  Job  Center,  350 
North  Fourth  Street,  Indiana,  PA 
15701-2000,  Job  No. 
WEB200307. 

SENIOR  SOFTWARE  ENGI¬ 
NEER  to  lead  a  team  in  the 
design,  development,  testing, 
and  maintenance  of  application 
software  using  Java,  C,  C++, 
Oracle,  VisualBasic,  CORBA 
and  DB2/400  under  Windows 
NT  and  UNIX  operating  systems; 
Supervise  and  mentor  junior 
programmers  and  engineers. 
Require:  B.S.  degree  in  Computer 
Science,  an  Engineering  disci¬ 
pline,  or  a  closely  related  field 
with  five  years  of  progressively 
responsible  experience  in  the  job 
offered  or  in  the  related  occupation 
of  Programming/Analyst  or 
Programmer.  Extensive  travel  on 
assignments  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered. 
Apply  by  resume  to:  Rajender 
Gaddam,  Director  of  HR.  Orpine 
Enterprises,  LLC,  1 004  Crooked 
Creek  Court,  Mableton,  GA 
30126;  Attn:  Job  EC. 

SOFTWARE  ENGINEER 
Software  engineer  to  design, 
develop  and  test  computer 
programs  for  business  applica¬ 
tions;  analyze  software  require¬ 
ments  to  determine  feasibility  of 
design;  direct  software  system 
testing  procedures  using  expertise 
in  C++,  Swing,  Java  and  SQL 
Server.  Requirements:  Bachelor's 
Degree  or  equivalent  in  Computer 
Science  or  related  field  and  two 
years  experience  as  a  software 
engineer  or  computer  program¬ 
mer,  knowledge  of  C++,  Swing, 
Java  and  SQL  Server.  Salary: 
$66, 000/year.  Working  Condi¬ 
tions:  8:00  A.M.  to  5:00  P.M.,  40 
hours/week,  involves  extensive 
travel  and  frequent  relocation. 
Apply:  JS  Supervisor,  Greene 
County  Team  PA  CareerLink,  4 
West  High  Street,  Waynesburg, 
PA  15370-1324,  Job  No. 
WEB1 99681. 

SPL  WorkGroup  is  an  interna¬ 
tional  builder  of  customer 
information  systems  for  utility 
companies.  We  are  currently 
looking  for  individuals  with  DB2, 
Natural/Adabas,  Smalltalk,  Java, 
Cobol,  and  Javascript  skills  to 
work  in  our  development  centers 
in  California,  New  Jersey  and 
Illinois  as: 

Programmer  Analysts 
Database  Administrators 
Software  Engineers 

Project  Leaders 
Designers 

Architects 

System  Analysts 

SPL  WorldGroup,  Inc. 

75  Hawthorne  Plaza,  Suite  2000 
San  Francisco,  CA  941 05 

Attn:  Jennifer  Bowman 
Fax:415-541-0224 

E-mail: 

jemifer_bowman  @  sptwg.com 

SENIOR  DATABASE  ANALYST 
to  analyze,  design,  develop, 
implement,  support,  customize 
and  administer  Oracle  database 
systems  and  applications, 
focusing  on  HR,  GL,  PO  and  AP 
modules,  using  Oracle  Financials, 
Forms,  Reports,  PL/SQL, 
Pro-Cobol  and  Designer2000 
under  UNIX.  Windows  and  VAX 
operating  systems.  Require: 
Bachelor's  degree  in  Computer 
Science/Engineering,  Business 
Administration,  or  a  closely 
related  field,  with  5  years  of 
progressively  responsible  expe¬ 
rience  in  the  job  offered  or  as  a 
Systems  Analyst.  Extensive  travel 
on  assignment  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered. 
Apply  by  resume  to:  Diane 
McHugh,  Business  Manager, 
BOSS  Corp.,  6455  E.  Johns 
Crossing,  Suite  404,  Duluth,  GA 
30097;  Attn:  JobVN. 

SOFTWARE  ENGINEER 
Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise 
in  Java,  Oracle,  JavaScript 
and  WebLogic.  Requirements: 
Bachelor's  Degree  or  equivalent 
in  Computer  Science  or  related 
field  and  two  years  experience 
as  a  software  engineer  or 
computer  programmer,  knowl¬ 
edge  of  Java,  Oracle,  JavaScript 
and  WebLogic.  Salary:  $66,000/ 
year.  Working  Conditions:  8:00 
A.M.  to  5:00  P.M.,  40  hours/ 
week,  involves  extensive  travel 
and  frequent  relocation.  Apply: 
Fayette  County  Team  PA 
CareerLink,  Attn:  JS  Supervisor, 
32  Iowa  Street,  Uniontown, 
PA  15401-3513,  Job  No. 
WEB1 99668. 

Software  AG,  Inc.  is  recruiting  for 
all  types  of  Systems  Analysis 
Consultants,  Staff  Consultants, 
Project  Managers/Leaders, 
System/Software  Engineers, 
Quality  Assurance  and  R&D 
Specialists,  Programmer/Analysts 
and  other  computer  science 
professionals. 

We  have  offices  throughout  the 
U.S.  including:  Reston,  VA;  Atlanta; 
Chicago;  Dallas;  Sacramento, 
San  Ramon  and  Irvine,  CA;  and 
Denver. 

Resume  to:  Software  AG,  Inc., 
ATTN:  HR,  Computerworld  Ad, 
11 190  Sunrise  Valley  Dr.,  Reston. 
VA  20191.  Fax:  703-391-8340. 
For  additional  information,  find  us 
under  Computer,  or  visit  ourWeb 
site:  www.softwareagusa.com. 

SOFTWARE  ENGINEER 
Software  engineer  to  design, 
develop  and  test  computer  pro¬ 
grams  for  business  applications; 
analyze  software  requirements 
to  determine  feasibility  of  design; 
direct  software  system  testing 
procedures  using  expertise  in 
Oracle,  C++  and  TCP/IP. 
Requirements:  Bachelor's  Degree 
or  equivalent  in  Computer  Science 
or  related  field  and  two  years 
experience  as  a  software  engi¬ 
neer  or  computer  programmer, 
knowledge  of  Oracle,  C++  and 
TCP/IP.  Salary:  $80, 000/year. 
Working  Conditions:  8:00  A.M. 
to  5:00  PM.,  40  hours/week, 
involves  extensive  travel  and 
frequent  relocation.  Apply:  Man¬ 
ager,  Beaver  County  Team  PA 
CareerLink,  2103  Ninth  Ave, 
Beaver  Falls,  PA  15010-3957, 
Job  No.  WEB1 99673. 

PROGRAMMER/ANALYST  to 
analyze,  design,  develop,  imple¬ 
ment,  and  maintain  web-based 
application  software  in  a  client/ 
server  environment  using 
Object-Oriented  technologies, 
ActiveX,  COM/DCOM,  Visual 
Interdev,  ASP,  HTML/DHTML, 
Oracle,  SQL  Server,  and  XML 
under  Windows  NT/2000  operat¬ 
ing  systems.  Require:  Bachelor's 
degree  in  Computer  Science/ 
Engineering,  Business  Adminis¬ 
tration,  or  a  closely  related  field 
with  two  years  of  experience 
in  the  job  offered  or  as  a 
Programmer.  Extensive  travel 
on  assignment  to  various  client 
sites  within  the  U.S.  is  required. 
Competitive  salary  offered. 
Apply  by  resume  to:  Vishy 
Dasari,  President,  Objectnet 
Technologies,  Inc.,  1 1 17  Perime¬ 
ter  Center  West,  #N402,  Atlanta, 
GA  30338;  Attn:  Job  VK. 
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Senior  Data  Warehouse 

Developer 

Use  COBOL,  SQL,  DB2,  and 
data  modeling  tools  to  analyze, 
design,  and  develop  corporate 
data  warehousing  programs. 
Develops  and  designs  data 
extraction,  cleaning,  modification, 
movement  and  storage  programs 
and  supports  client  area  business 
intelligence  tool  use.  Job  requires 
experience  with  computer  hard¬ 
ware,  software  languages  and 
operating  systems,  computer 
programming  skills,  coding, 
programming/processing  logic 
of  corporate-based  computer 
systems;  experience  with 
computer  database  environment 
and  multiple  database  manage¬ 
ment  systems  (i.e.  DB2,  SQL, 
Oracle,  Nucleus,  etc.)  Require¬ 
ments:  Bachelor's  Degree  in 
Computer  Science  or  related 
field  plus  three  (3)  years  experi¬ 
ence.  $62,500/year.  M-F,  8  hours/ 
day.  Mail  resume  to  Physicians 
Mutual  Insurance  Company,  do 
Human  Resources,  2600  Dodge 
Street,  Omaha,  NE  68131. 


PROGRESS  SOFTWARE  CORP. 
is  seeking  a  qualified  software 
professional  to  fill  the  following 
position:  Manager  Customer 
Tech  Services  -  Latin  America 
Responsible  to  manage  commu¬ 
nications  with  subsidiaries  and 
distributorships  located  through¬ 
out  Latin  America.  Act  as  a  liaison 
between  the  customers  in  Latin 
America  and  company  product 
planning  processes  in  US.  Mon¬ 
itor  technical  support  issues 
managing  the  resolution  of 
complex  technical  issues.  Develop 
special  technical  training  pro¬ 
grams  for  technology  products 
including  PROGRESS  4GL,  Java, 
HTML,  Actuate  and  CorVu  Soft¬ 
ware.  Train  staff  in  sales/support 
throughout  Latin  America.  Bach¬ 
elor  degree  CS/Engineering/ 
Math  or  related  and  two  years  of 
experience  in  the  job  offered  or 
as  a  Tech  Accts  Mgr/Tech  Supp 
for/in  Latin  America.  Position 
based  in  Boca  Raton,  FL.  Fluency 
in  Spanish.  Contact:  C.  Ward, 
Progress  Software,  14  Oak  Park, 
Bedford,  MA  01730  or  FAX 
resume  to  781  280-4035. 


Software  Engineers  and 
Developers  Needed 

Design  and  develop  ENOVIA'S 
Application  Software.  ENOVIA  is 
a  leader  in  developing  and 
implementing  innovative  Digital 
Enterprise  Solutions.  ENOVIA’S 
Cutting  Edge  solutions  include 
WEB  based  Digital  applications 
designed  to  help  manufacturers 
create,  manage,  communicate 
and  digitally  simulate  all  aspects 
of  the  product  life  cycle. 

Requirements  for  various  level 
positions  include  degrees  in 
Computer  Science,  Engineering, 
or  a  closely  related  field.  Experi¬ 
ence  preferred  in  Java/C++, 
SQL,  Windows  NT  and  Unix. 

ENOVIA  offers  a  competitive 
salary  and  comprehensive 
benefits  package.  ENOVIA  is  an 
equal  opportunity  employer. 
Qualified  applicants  please 
forward  your  resume  and  salary 
requirements  to:  enoviahr@en- 
ovia.com 


Software  Engineer  wanted  by 
a  Telecommunications  co.  in 
Boston,  MA.  Must  have  a 
Master's  degree  in  Comp.  Sci.  or 
related  field  &  3  yrs.  exp.  as  a 
Software  Engineer/Software 
Developer  plus  exp.  with  the 
following:  programming  in  C++, 
GUI,  and  Windows  platform 
SDK,  COM,  XML,  ActiveX,  OOA, 
OOD  and  multithreading.  In  lieu 
of  a  Master's  degree,  we  will 
accept  equivalent  combination 
of  education  and  experience. 
Please  respond  to  Net2Phone, 
Inc.,  200  High  Street,  3  FI., 
Boston,  MA  02110.  Attn:  Matt 
Eichner  reference  #2. 


Banking 

MBNA  Hallmark  Information 
Services,  a  subsidiary  of  MBNA, 
the  world's  largest  independent 
credit  card  issuer,  is  accepting 
applications  for  several  Senior 
Technology  Analyst  positions. 

Duties:  Develop  and  enhance  new 
applications.  Maintain  up-to-date 
awareness  of  current  and  future 
direction  of  internal  division  and 
business  unit  strategy.  Identify 
areas  for  improvement  in  the 
production  environment  and 
work  with  management  to  im¬ 
plement  these  improvements. 
Act  as  project  lead  to  assist  staff 
in  the  development  lifecycle  and 
mentor  other  developers  in  the 
development  methodology.  Assist 
management  and  business  area 
staff  to  define  and  validate  appli¬ 
cation  requirements.  Create  and 
maintain  appropriate  support 
documentation  and  review  other 
developers'  documentation. 

Requirements:  Four-year  college 
degree  or  equivalent  required. 
Minimum  of  3  years  of  related 
experience  in  maintenance  and 
development  of  software  appli¬ 
cations;  experience  with  Microsoft 
C++,  Visual  Basic,  PowerBuilder, 
or  related  development  applica¬ 
tions  and  tools;  and  experience 
with  Unix  and  NT  operating 
systems  and  application  devel¬ 
opment  software. 

Please  forward  your  resume  and 
a  cover  letter,  referencing  source 
codeYNA991267,  to  Ms.  Sharon 
Alexander,  MBNA  Hallmark 
Information  Services,  1100  N. 
King  Street,  Wilmington,  DE 
1 9884-2234.  We  are  a  voluntary 
Equal  Opportunity/Affirmative 
Action  employer,  M/F/D/V. 


Web  Solutions  Lead  Program 
Integrator  -  Milwaukee.  Wisconsin 
Develops,  leads,  and  implements 
internet,  intranet,  and  extranet 
solutions  across  eBusiness 
programs  globally  for  global 
manufacturer  of  medical  diag¬ 
nostic  imaging  systems.  Leads 
the  assessment,  design,  and 
technical  execution  of  cross¬ 
functional  programs  to  achieve 
tangible  business  results. 
Integrates  and  leads  web 
solution  resources  aligned  with 
functional  teams.  Coordinates 
consulting  and  technical 
resources  on  and  offshore. 
Drives  technical  program  execu¬ 
tion  and  operating  mechanisms 
to  achieve  a  high  level  of  quality 
and  execution  mapped  to  critical 
business  objectives.  Required 
is  a  Bachelor  of  Science  degree 
in  Computer  Science  or 
Computer  Engineering.  Five  (5) 
years  of  progressive  post¬ 
baccalaureate  experience  as 
a  Programmer,  Programmer 
Analyst  or  Web  Developer.  As 
part  of  the  required  experience, 
the  applicant  must  have:  had 
experience  in  integrating 
web-based  applications;  had 
experience  with  HTML,  XML  and 
UNIX;  and  had  I  experience 
with  middleware  integration 
technologies.  Must  have  proof 
of  legal  authority  to  work  perma¬ 
nently  in  the  United  States. 
Please  submit  resume  and  cover 
letter  to  opportunities@ge.ca- 
reers.com  and  reference  this 
job  code  in  subject  line  of  email: 
GEMS/2601 52/AN030.  An 
Equal  Opportunity  Employer. 


SOFTWARE  ENGINEER 
(Atlanta,  GA)  to  design,  develop, 
analyze,  support,  test  and  modify 
local,  network  and  internet 
related  software  applications. 
Require:  Bachelor's  degree  (or 
foreign  equiv.)  in  Computer 
Science,  Electrical/Mechanical 
Engineering,  or  a  closely  related 
field,  with  a  demonstrated  ability 
to  perform  the  stated  duties 
gained  through  previous  work 
experience  or  academic  course- 
work  and  projects.  Hours:  8  am 
to  5  pm,  M-F.  Send  resume  to: 
KM-HR,  CheckFree  Services 
Corporation,  6000  Perimeter 
Drive,  Dublin,  OH  43017;  or 
e-mail  to  itcareers@check- 
free.com  ATTN:  JobPK 
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Senior  Software  Engineer  - 
Milwaukee.  Wisconsin 
Participates  on  a  software 
platform  team  to  design  the  next 
generation  of  medical  equipment 
software  architecture  using 
leading  edge  software  technolo¬ 
gies.  including  Java,  CORBA 
and  Linux.  Defines  generic, 
reusable  and  distributed  compo¬ 
nents  to  provide  a  common 
software  platform  to  be  reused 
across  the  modality  of  the 
segment  product  lines  and  in 
a  global  team  of  engineers. 
Works  closely  with  the  system 
team  to  generate  software 
requirements  for  the  platform, 
to  maximize  the  synergy  of  the 
platform  across  product  lines 
and  to  ensure  the  scalability 
of  new  software  components 
Leverages  Six  Sigma  methodol¬ 
ogy  to  improve  the  quality  and 
the  robustness  of  the  platform 
continuously.  Required  is  a 
Bachelor  of  Science  degree 
in  Electrical  or  Electronic 
Engineering,  or  in  Computer 
Science.  Two  (2)  years  of 
experience  as  a  Software 
Developer,  Design  Engineer,  or 
Systems  Specialist.  As  part  of 
the  experience  being  required, 
the  applicant  must  have!  had 
experience  in:  requirements 
gathering,  designing  and  devel¬ 
oping  software  utilizing  various 
programming  languages,  includ¬ 
ing  C/C++  and  Java;  working 
with  operating  systems,  includ¬ 
ing  VxWorks;  working  with  NT 
and  Unix  platforms;  working  with 
object  oriented  design  method¬ 
ology;  and  working  with 
ClearCase.  Must  have  proof 
of  legal  authority  to  work  perma¬ 
nently  in  the  United  States. 
Please  submit  resume  and  cover 
letter  to  opportunities  @ge.ca- 
reers.com  and  reference  this 
job  code  in  subject  line  of  email: 
GEMS/2601 51/AN030.  An 
Equal  Opportunity  Employer. 


Banking 

MBNA  Hallmark  Information 
Services,  a  subsidiary  of  MBNA, 
the  world's  largest  independent 
credit  card  issuer,  is  accepting 
applications  for  several  software 
engineering  positions. 

Duties:  Develop  and  code  new 
applications.  Maintain  legacy 
applications.  Resolve  problems 
with  production  applications  and 
monitor  application  performance. 
Analyze  and  evaluate  business 
requirements  and  assist  with 
project  planning  and  walkthroughs. 
Create  and  maintain  appropriate 
support  documentation  and 
ensure  strict  adherence  to 
Corporate  and  departmental 
polices  and  procedures. 

Requirements:  Four-year  college 
degree  or  equivalent.  Minimum 
of  2  years  of  related  experience 
in  maintenance  and  development 
of  software  applications;  experi¬ 
ence  with  Microsoft  C++,  Visual 
Basic,  PowerBuilder,  or  related 
development  applications  and 
tools;  and  experience  with  Unix 
and  NT  operating  systems  and 
application  development  software. 

Please  forward  your  resume  and 
a  cover  letter,  referencing  source 
code  YNA991 267B,  to  Ms.  Sharon 
Alexander,  MBNA  Hallmark 
Information  Services,  1100  N 
King  Street.  Wilmington,  DE 
19884-2234.  We  are  a  voluntary 
Equal  Opportunity/Affirmative 
Action  employer,  M/F/D/V. 


Symphony  Corporation,  head¬ 
quartered  in  Madison,  Wl 
presently  considering  candidates 
for  mid  &  senior  level  positions. 

•  Software  Engineers 

•  Programmer  Analysts 

•  Project  Managers 

•  Quality  Assurance  Technicians 

•  Fwd  resume  to  Symphony 
HR  Dept  @  608-294-9321  or 
email:  info  @  symphony.cc 
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Lead  Developer  Technical 
Specialist  (two  openings)  to 
research  new  technologies  & 
methods  for  company  &  our 
clients.  Will  define  business 
problems  for  our  clients  &  design 
&  manage  technical  solutions 
for  client  business  problems.  Will 
be  responsible  for  research, 
analysis,  design,  &  testing  of 
new  &  emerging  client/server  & 
web-based  technologies.  Will 
analyze  new  technologies  & 
create  specification  documents 
&  system  architecture  docu¬ 
ments  to  design  &  develop  new 
applications  &  systems.  Will 
develop  data,  functional  &  object 
models  for  system  architecture. 
Will  be  responsible  for  open 
systems  development  utilizing 
the  following  technologies:  C, 
C++  ,  UNIX,  Windows  NT, 
Oracle,  Sybase,  PowerBuilder, 
Visual  Basic,  &  Neuron  Data 
among  others.  Requirements: 
M.S.  in  CS,  Elect.  Eng.,  or  Comp, 
Eng,  &  1  yr  experience  in  job  of¬ 
fered  OR  1  yr  experience  ana¬ 
lyzing  or  testing  new  &  emerg¬ 
ing  client/server  or  web-based 
applications.  OR,  in  the  alterna¬ 
tive,  B.S.  in  CS,  Elect.  Eng.,  or 
Comp,  Eng  &  five  (5)  years  ex¬ 
perience  in  job  offered  OR  five 
(5)  years  progressive  experience 
analyzing  or  testing  new  and 
emerging  client/server  or  web- 
based  applications.  Candidate 
must  also  possess  demonstrated 
expertise  in  client/server  appli¬ 
cations  development  using 
object-oriented,  object  modeling 
case  tools  &  methodologies; 
demonstrated  expertise  in  using 
the  PFC  object  library  classes 
for  PowerBuilder  applications 
development;  &  demonstrated 
expertise  in  PL/SQL  &  C++ 
for  implementing  rule  based 
engines.  Sal:  $73,140/yr;  9a-5p. 
Send  2  resumes  to:  North 
Metro,  Job  Order  #  GA  7021673, 
2943  N.  Druid  Hills  Road, 
Atlanta,  GA  30329-3909,  or  the 
nearest  Department  of  Labor 
Career  Center  Office.  EOE. 
Applicants  must  have  proof 
of  legal  authority  to  work  in  the 
U.S. 


Sapiens,  a  leading  international 
provider  of  enterprise-wide 
e-business  solutions  for  the 
rapid  development  of  scalable, 
mission-critical  software  appli¬ 
cations,  has  openings  in  Cary  , 
NC.  Both  positions  require  25% 
travel. 

Sr.  Technical  Consultant  - 
Requires:  Degree  in  Computer 
Science,  Engineering  or  related 
field  or  equivalent  in  experience 
along  with  mainframe  program¬ 
ming  experience,  customer 
training,  sales  support,  system 
analysis  and  design  experience. 

Sr.  UNIX  System  Administrator- 
Requires:  Degree  in  Computer 
Science,  Engineering,  or  related 
field  Unix,  Sun,  Perl,  Korn  Shell, 
RS/6000,  C,  C++,Orade,  Informix, 
and  Local  Area  Networks  and 
Firewall  design 

Forward  resumes  in  HTML  or 
Plain  Text  -no  Attachments-  to: 

resumes@sapiens.com 

PRINCIPALS  ONLY  and 
NO  PHONE  CALLS 

Generous  benefits  and  com¬ 
petitive  compensation  package. 

EOE/AA,  M/F/D/V,  Principals 


HealthGate  Data  Corp.  has 
openings  in  its  Burlington,  MA 
office  for  XML7ASP  Developers 
who  have  at  least  3  years  of 
exper.  developing  software,  incl. 
exper.  w/  ASP,  Visual  InterDev 
and  XML.  Interested  candidates 
should  send  resume  to  Req# 
DGP2001 ,  Tammy  Caron,  Human 
Resources  Manager,  HealthGate 
Data  Corp.,  25  Corporate  Dr„ 
Suite  310,  Burlington,  MA  01 803. 


Software  Engineer  Positions  in 
New  York  area: 

Develop  complex,  multi-tiered 
applications,  especially  Internet 
applications  &  to  design  and 
troubleshoot  at  all  stages  of 
development.  Interact  w/customer 
to  understand  &  deal  w/any 
potential  complications  or  special 
requirements.  Formulate  & 
develop  application  design  using 
object  oriented  analysis  & 
design  techniques,  develop  & 
deploy  the  design  under  operating 
systems  UNIX  or  NT,  as  well  as 
conduct  application  engineering 
&  assist  customers  in  writing 
applications  using  assorted 
tools.  Some  travel  may  be 
required.  Requires:  BS  or  equiv 
in  CS,  Engineering,  or  related 
field  &  2  yrs  exp  in  position  of¬ 
fered  or  related.  Sr  level  requires: 
Master's  degree  in  CS,  Engi¬ 
neering,  or  related  field.  A  BS 
degree  &  5  yrs  of  post-bac¬ 
calaureate  progressive  exp  will 
substitute  for  Masters.  Rqrs 
knowl  in  server  side  Java  or  C++, 
knowl  in  developing  in  UNIX  or 
NT;  &  knowl  in  development 
using  object  oriented  analysis 
&  design  techniques.  Please 
submit  your  resume  &  salary 
requirements  to:  Melissa  Claeys, 
Art  Technology  Group,  One 
Broadway  St,  Cambridge,  MA 
02142;  Fax  (617)386-1112. 
Email  submittals  preferred  to 
mclaeys@atg.com.  Please  refer 
to  job  code  "NY1"  on  application. 
Please  visit  our  web  site  at 
www.atg.com.  Applicants  must 
have  proof  of  legal  authority  to 
work  in  the  US.  An  Equal 
Opportunity  Employer. 


InfiniSwitch  Corporation,  Inc.,  is 
a  leader  in  InfiniBand  switching 
technology  for  data  centers. 
InfiniSwitch  Corporation  is  com¬ 
mitted  to  delivering  world-class 
InfiniBand  (TM)  high  performance 
Storage  and  System  Area 
Network  switch  solutions  for 
commodity  server  farms  and 
clusters.  Our  people  make  us 
strong,  our  expertise  and  inno¬ 
vation  make  us  fast,  and  our 
experience  and  vision  keep  us 
on  target  to  deliver  world-class 
products.  We  are  currently  seek¬ 
ing  Software  Engineers  to  report 
to  our  Director  of  Software. 

Our  Software  Engineers  will 
develop  software  for  the  Network 
Management  portion  of  our 
InfiniSwitch  device;  working  with 
SNMP  architectures;  developing 
a  MIB;  assisting  in  introducing 
new  InfiniBrarid  (TM)  centric 
management  activities;  and 
working  on  Embedded  Systems 
Software  and  Drivers.  Reqs:  MS 
(or  equiv)  in  any  computer  or  en¬ 
gineering  field  and  three  years  in 
the  job  or  in  software  develop¬ 
ment  or  programming  OR  BS  in 
same  field  and  five  years  pro¬ 
gressive,  relevant  experience. 
Should  have  expertise  in  C  or 
TCL.  Also  must  have  expertise 
with  either  (1)  embedded  net¬ 
work  management  implementa¬ 
tion  OR  (2)  with  development  of 
driver  software  for  802. 1 D  bridge 
or  IP  routing  path  as  well  as 
working  with  Ethernet  VLAN 
implementation  and  LINUX. 
Interested  applications  may  send 
their  resume  to  Betty  Kochergin, 
InfiniSwitch  Corporation,  134 
Flanders  Road,  Westborough,  MA 
01581.  bkocherainQinfiniswitch. 
com:  F  508-870-3146. 


Full  time  Software/Web  Devel¬ 
oper  to  plan  and  develop  new 
computer  and  web  application  or 
upgrade  existing  computer  and 
web  application  using  Visual 
Basic  6.0,  C++,  Java,  HTML, 
JAVA  script,  VB  Script,  MS  Ac¬ 
cess,  Oracle  and  Dbase.  Must 
have  Bachelor's  degree  in  IT,  CS 
or  related  field.  Must  have  1  year 
of  exp.  in  position  or  position  with 
same  duties.  Salary:  $67,045/yr. 
Send  resume  to:  Malix  Information 
Technoiogy,  6050  McDonough 
Dr.,  #0,  Norcross,  GA  30045 
Attn:  Rashid  Malix. 


SOFTWARE  ENGINEER  Two 
(2)  presently  needed.  Researches, 
designs  and  develops  computer 
software  systems,  in  conjunction 
with  hardware  product  develop¬ 
ment,  for  industrial,  commercial, 
and  business  applications,  ap¬ 
plying  principles  and  techniques 
of  computer  science,  engineer¬ 
ing,  and  mathematical  analysis. 
Master  of  Science  in  Computer 
Science,  Engineering  or  Math- 
related  and  2  years  of  Software 
Engineering  experience,  or 
the  equivalent  (A  Bachelor  of 
Science  in  Computer  Science, 
Engineering,  or  Math-related 
followed  by  5  years  of  Progressive 
Software  Engineering  Experi¬ 
ence).  Must  be  able  to  travel  and 
work  at  client  site  for  many 
months  at  a  time.  Included  in  the 
2  years  job  experience  must 
have  2  years  experience  with 
C,C++,  Windows  SDK,  VC++, 
COM,  JAVA  and  ORACLE. 
$70, 000/year.  Apply  by  resume 
to  Murali  K.  Suddala,  President, 
Capricorn  Systems,  Inc..  3569 
Habersham-at-Northlake  Bldg. 
K,  Tucker  Georgia  30084. 


Computer  Programmer.  M.S. 
Computer  Science  or  related. 
Min.  2  yrs.  exp.  as  follows: 
designing  and  installing  networks; 
systems  administration;  Cisco 
2600  and  2500  series  routers: 
3Com  Layer  3  switch  (CoreBuilder 
3500);  3Com  Layer  switches 
(Super  Stack  3300  series);  Fast 
Ethernet  network  design  and 
installation;  Windows  NT  domain 
security,  remote  access  services, 
trust  relationships;TCP/IP,  SMTP/ 
POP3,  DNS,  DHCP,  WINS,  and 
internet  routing  protocols;  network 
management-SMS  and  MMC; 
Languages/Databases— C, 
Microsoft  Access;  Applications/ 
Application  Servers-Microsoft 
Internet  Information  Server  4, 
Microsoft  Exchange  Server, 
Microsoft  Proxy  Server,  Wintage 
Proxy  Server,  Winproxy  Internet 
proxy  server  and  firewall, 
MDaemon  Internet  mail  server, 
Microsoft  Frontpage  2000, 
Microsoft  Office  2000.  Sal. 
$69,700.  Send  resume  to:  Job  6, 
PO  Box  5275,  New  York,  NY 
10185-5275. 


Software  Engineer 

Analyze,  design,  develop  &  test 
software  for  GUI.  Develop  soft¬ 
ware  packages  for  CFD  appl., 
incl.  geometric  modeling,  solid 
modeling,  &  grid  generation  &  vi¬ 
sualization.  Create  direct  (proE, 
UniGraphics)  &  indirect  (CIF, 
DGSII,  DXF  &  IGES)  interfaces 
w/CAD  &  ECAD  design  tools. 
Must  have  M.S.  in  CS,  ME  or  rel. 
&  6  mos.  exp.  in  above  pos.  or  rel. 
w/abil.  to  use  C,  C++,  Unix, 
OpenGL,  Windows  NT,  Linux,  Vi¬ 
sual  C++,  CFD-ACE+. 

40.0  hr/wk.  8:00  -  5:00 

Applicants  send  resume  to: 

Kathy  Short 
HR  Manager 

CFD  Research  Corporation 
215  Wynn  Dr. 
Hunstville,  AL  35805 


♦ 


Software  Engineers  wanted  by 
consulting  co  in  Philadelphia, 
PA.  Must  have  Bachelor’s  degree 
in  Comp  Sci  or  Comp  Eng.  or 
any  engineering  field  and  3  yrs 
of  software  related  experience. 
Respond  to:  Ravi  Jaganmohan, 
Object  Xperts,  2  Penn  Plaza, 
Suite  200,  Philadelphia,  PA  19102. 


VP,  Enterprise  Sales 
Founded  in  1996  address  the 
growing  cost  of  software  and 
application  development  eRUN- 
WAY  defines,  designs,  develops, 
and  deploys  a  wide  range  of 
high-volume  software  solutions, 
drawing  on  highly  skilled  devel¬ 
opers,  engineers,  and  project 
managers  from  around  the 
world.  The  company  offers 
around-the-clock,  cost-effective 
software  and  application  devel¬ 
opment  services  through  its 
Advanced  Technology  Centers 
in  the  U.S.  and  offshore.  We  are 
currently  seeking  a  VP  Enter¬ 
prise  Sales  to  lead  and  manage 
our  business  development  team 
and  devise  company  marketing, 
sales,  revenue  goals.  Candidates 
must  have  expertise  in  business 
management/development  and 
in  offshore  technology  services 
delivery.  Bachelor's  degree  (or 
equiv)  in  tech  or  engineering 
field  and  MBA  9or  equiv) 
required  as  well  as  six  years 
relevant  experience  in  biz  devel¬ 
opment  for  IS/IT  related  firms. 
Frequent  domestic/int'l  travel. 
Send  resumes  to  Director  of 
Human  Resources,  eRunway, 
Inc.,  2000  West  Park  Drive, 
Westborough,  MA  01581.  FAX 
1-508-366-9901. 


Multiple  openings  for  Prog/Sys 
Analysts,  DBA's,  Sys/Admin  and 
S/W  Engineers  to  design/develop 
S/W  appls  using  some  of  the 
following  -  Cobol,  CICS,  DB2; 
Java,  PB,  HTML,  XML;  data 
warehousing,  cognos;  wireless/ 
web  technologies;  C++,  VB, 
Developer  2000;  SAP,  ABAP/4; 
Oracle/Sybase/Informix  DB 
admin;  Unix/NT  system  admin; 
Net. Commerce,  MQSeries, 
Websphere;  BS/MS  or  equiva¬ 
lent  in  CS,  Engg,  Science, 
Math  or  Bus  Admin  req.  Salary 
commensurate  with  exp.  F/T. 
Travel/relocation  involved. 
Resumes  to:  HR,  Smartsoft 
International  4898  South  Old 
Peachtree  Road,  Suite  200, 
Norcross,  GA  30071 . 


Software  Engineer 
Design,  implement  and  test 
embedded  software  for  high 
performance  wireless  switching 
product.  Must  have  Master’s 
degree  in  CS,  CE,  EE  or  related 
degree.  Employer  will  accept 
Master’s  degree  or  its  equivalent 
in  a  Bachelor’s  degree  followed 
by  five  yrs  progressive  experi¬ 
ence  in  the  field.  Send  resume 
to  Vijay  Kathuria,  NuLink,  Inc., 
1 87  Ballardvale  Street,  Wilming¬ 
ton,  MA  01887 


NorthPoint  Domain  Inc.,  in  Boston, 
a  web  technology  company 
focused  on  ten  specialty  markets 
is  in  need  of  a  Vice  President, 
Operations  Development.  This 
individual  will  manage  all  aspects 
of  the  technology  team  and 
the  web  product  development 
process,  as  well  manage  the 
operations  and  member  services 
functions.  College  Degree,  pro¬ 
ject  management  and  industry 
experience  required.  Interested 
candidates  should  forward 
resume  to:  HR  Manager,  Human 
Resources  and  Office  Adminis¬ 
tration,  North  Point  Domain  Inc., 
One  Joy  Street,  Boston,  MA 
02108;  careers@npdinc.com. 
Phone  inquires  will  not  be 
accepted. 


Call  your 
ITcareers  Sales 


Representative 

1-800-762-2977 


Several  computer  related 
positions  available  for  large 
transportation  and  logistics 
services  company.  Degree, 
technical  skills  &  experience 
vary  per  positions.  Send  re¬ 
sume  to  Human  Resources, 
Ref.#  SK(G)  at  United  Parcel 
Service,  2010  Warsaw 
Road,  Roswell,  GA  30076. 


Junior  Consultant,  Development. 
Assist  in  the  design,  development, 
implementation  and  maintenance 
of  workflow  technologies  based 
upon  the  analysis  of  business 
requirements  and  emerging 
technologies.  Requires:  M.S. 
degree  in  Comp,  or  Info.  Science 
or  related  field.  Coursework 
must  include  graduate  classes 
in:  Operating  Systems,  Data 
Communication  Networks  and 
Software  Components  &  Data 
Structure.  EOE.  40  hrs/wk. 
Salary:  $53,000/yr.  Send  resume 
(no  calls)  to:  KB,  HealthScribe, 
Inc.,  403  Glenn  Drive,  Suite  10 
Sterling,  VA  20164. 


Kama  Consulting  Inc. 

TOP  $$•$,  W2  or  1099 

We  are  a  fast  growing 
Consulting  company  based 
in  New  Jersey. 
Excellent  opportunities  for 
Programmers, 

Systems  Analysts,  DBAs. 

Sun  Solaris  System  Admins, 
Natural,  Powerbullder, 
ADABAS,  ORACLE,  SYBASE, 
PROGRESS,  COBOL 
TCP/IP,  Delphi/VB,  Windows  NT 

Send  your  resume  to 
Rod  McFadden 
Kama  Consulting 
Fax:201-934-7166 
EmaikKamaco  @  aol.com 


Compsoft  Technology  Solutions 
Group,  Inc.  seeks  experienced 
Programmer  Analysts,  DBAs 
and  Software  Engineers  to 
develop  and  design  software 
systems  using  some  of  the 
following:  C,  C++,  VB,  Oracle, 
Developer  2000,  Java,  PL/SQL, 
MS  Access,  MS  SQL,  internet/ 
wireless  technologies,  Windows/ 
UNIX  admin  for  Datawarehousing 
etc.  Require  BS/MS  or  foreign 
equiv.  Highly  competitive 
salaries,  some  travel  and 
relocation  to  client  sites  involved. 
Send  Resumes  to:  1 1  N  Roselle 
Road,  Schaumburg,  IL  60194. 
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Just  point  your 
mouse  to  the 
world’s  best 
IT  careers  site. 

Brought  to 
you  by 

Computerworld, 
Info  World  and 
Network  World. 

Find  out  more. 
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ITcareers  Sales 
Representative 
or  Janis  Crowley, 
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Your  best  investment 


is  your  professional  network. 


wins  2001 


Professional  Women’s 
Summit  &  Exposition 


October  24-25,  2001 

Hynes  Convention  Center  ▼  Boston,  MA 

For  more  information,  conference  package  pricing  or  to  register  for 
the  Professional  Women's  Summit  please  visit  us  at 
www.witi.com  or  call  toll-free  800.3  34. W1T1 

WITl  offers  a  dynamic  2-day  accelerated  program  that  will  provide  every  professional  women  with  the  essential  tools, 
opportunities,  insights  and  connections  to  achieve  her  goals.  Take  advantage  of  this  unique  occasion  to  network  with 
top  leaders  and  visionaries  utilizing  technology  to  succeed. 

Over  the  course  of  2  days  you  will  be  offered: 

►  Powerful  keynote  sessions 
►  Practical  skill-building  workshops 
►  Dynamic  roundtable  discussions 
►  Highly  interactive  panel  discussions 
►  Networking,  Networking,  Networking. 

I  have  learned  so  much  about  myself,  my  environment,  and  the  people  that  work  with  me  and 
live  with  me  from  this  Will  Conference.  The  only  thing  that  I  can  say  is  that  as  a  professional 
woman  in  any  technological  or  business  field,  you  MUST  attend  this  conference! 

Kathrine  Roberts,  Mainframe  Programmer,  West  Corporation 

Sign  up  for  the  Boston  Conference  before  September  21,  2001 
and  receive  a  s200  discount  off  the  at-the-door  price. 
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Dissecting  the 
Windows  2000  Server  Exam 


The  Installing,  Configuring  and  Administering  Microsoft  Windows  2000  Server  exam  (#70-215)  became  available  in 
June  as  a  requirement  in  the  Windows  2000  MCSE  certification  track.  As  of  Fall  2000,  it  does  not  employ 
adaptive  testing,  but  is  a  standard  exam  with  a  large  number  of  verbose  questions.  It  is  administered  through  both 
Virtual  University  Enterprises  (www.vue.com)  and  Prometric  (www.2test.com)  testing  centers  and,  like  all  Microsoft  exams, 
costs  $  1 00  to  take.  Part  1  addressed  Exam  Specifics  and  the  first  two  of  the  seven  test  objectives ,  with  this  one  focusing  on  the  other  five  objectives. 


Hardware  Devices  and  Drivers 

Windows  2000  fully  supports  Plug  and  Play  devices. 

With  Windows  2000,  a  vendor  of  a  third-party  product  is  encouraged 
to  submit  the  drivers  and  operating  system  files  (.dll,  .exe,  .fon,  .ocx, 
.ttf,  .sys)  to  Microsoft.  If  Microsoft  can  verify  that  the  files  do  not 
behave  erratically  or  cause  system  problems  or  identifiable  failures, 
Microsoft  signs  the  file  digitally.  When  an  administrator  or  user 
attempts  to  install  a  new  component  on  her  system,  the  system 
automatically  looks  for  the  signature.  If  it  does  not  find  a  signature,  a 
dialog  box  appears,  prompting  the  user  to  decide  whether  or  not  she 
wants  to  continue. 

By  default,  a  system  always  looks  for  a  driver  signature;  this  feature  is 
known  as  System  File  Protection.  The  driver  signature  is  ignored  only 
when  the  user  is  using  one  of  the  following  programs: 

■  Hotfix.exe 

■  Update.exe 

I  Windows  Update 

■  Wirmt32.exe 

These  files  are  needed  to 
install/repair  all  or  portions  of 
the  operating  system  and  thus 
the  driver  signature  is  ignored  for 
them. 

The  SIGVERIF.EXE  utility 
looks  for  files  that  are  not  digitally 
signed.  You  can  also  customize 
the  verification  options:  By 
default,  signature  verification 
search  results  go  to  the  log  file 
SIGVERIF.TXT  and  you  are 
notified  when  unsigned  files  are 
found  during  searches. 

SFC.EXE  is  used  to  automatically 
verify  system  files  after  a  reboot  to 
see  if  the  system  files  were 
changed  to  unprotected  copies. 

Unprotected  files  are  over-written 
by  stored  copies  of  the  system 
files  from  %systemroot%\sys- 
tem32\dllcache  (%systemroot%  is 
the  folder  into  which  the  operat¬ 
ing  system  was  installed).  SFC 
can  be  run  only  by  users  with  the 
Administrator  group  permissions. 


It  also  requires  the  use  of  a  parameter.  Valid  parameters  are  shown  in 
Figure  3. 

System  Performance 

Two  new  runlevels/priorities  have  been  added  to  processes,  making  the 
possibilities,  from  lowest  to  highest:  Low,  BelowNormal,  Normal, 
AboveNormal,  High,  Realtime.  The  only  way  to  change  the  priority  of  a 
running  process  is  via  Task  Manager,  which  has  also  been  enhanced 
with  an  “End  Process  Tree”  option.  The  only  way  to  start  a  process  at 
a  priority  other  than  its  default  is  to  use  the  Start  command  line  utility. 

Windows  2000  uses  the  term  “System  State  data”  to  refer  to  all  the 
components  the  operating  system  needs  to  function.  The  “System 
State  data”  on  Windows  2000  Professional  is  much  smaller  (a  subset) 
than  the  “System  State  data”  needed  on  Windows  2000  Server.  On 
Professional,  this  includes  only  Boot  (including  system)  files,  the 
Registry  and  COM+  database  files.  On  Server,  this 
includes  those  entries  plus  Certificate  Services  data¬ 
base,  SYSVOL  directory,  Active  Directory  and  any 
cluster  information. 

The  Backup  utility-accessible  under  Start, 
Accessories,  System  Tools-performs  backups  and 
restores,  as  well  as  allows  you  to  interact  with  the 
Task  Scheduler  to  schedule  jobs  and  make  the 
Emergency  Repair  Disk.  No  longer  limited  to  backing 
up  only  to  tape,  it  can  write  to  any  media. 

Storage  Use 

The  Computer  Management  snap-in  can  be  found 
under  Administrative  Tools  and  is  divided  into  three 
sections:  System  Tools,  Storage  and  Services  and 
Applications.  The  Storage  component  provides  the 
basis  for  working  with  disk  devices  and  is  subdivided 
into  four  other  sections: 

I  Disk  Management 

I  Disk  Defragmenter 

■  Logical  Drives 

I  Removable  Storage 

The  heart  of  this  section  of  the  exam  objectives 
resides  in  the  Disk  Management  tool,  and  you  must 
be  a  member  of  the  Administrators  group  to  access 
this  tool.  Replacing  the  Disk  Administrator  utility 
from  Windows  NT,  Disk  Management  surpasses  that 
tool  in  that  it  now  allows  for  remote  disk  management, 
supports  dynamic  volumes  (except  on  portable  computers). 


Figure  3:  Valid  SFC  parameters 

Parameter 

Function 

/CACHESIZE= 

Sets  the  size  of  the 
file  cache 

/CANCEL 

Stops  all  checks 

/ENABLE 

Returns  to 
normal  mode 

/PURGECACHE 

Clears  the  cache 

/QUIET 

Replaces  files 
without  prompting 

/SCANBOOT 

Checks  system  files 
on  every  boot 

/SCAN  NOW 

Checks  system 
files  now 

/SCANONCE 

Checks  system  files 
at  next  boot 
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offers  wizards  for  many  choices  and  allows  you  to  make  a  great  many  changes 
on-the-fly — without  requiring  a  reboot  to  be  active.  Microsoft  has  changed  its 
standard  for  storage  significantly  with  the  release  of  Windows  2000  by  turning  to 
dynamic  storage.  The  entire  disk  must  first  be  converted  to  dynamic  storage,  then 
you  can  create  and  alter  volumes  without  ever  needing  to  shutdown  and  restart  the 
system  for  the  changes  to  take  effect.  By  default,  every  disk  starts  as  the 
basic  type,  but  can  be  upgraded  to  dynamic  (unless  it  is  removable). 

When  dynamic,  the  pop-up  menu  for  each  volume  contains  the  same 
choices  as  those  for  basic,  plus  the  following  options  as  well: 

B  Extend  Volume.  This  option  allows  you  to  dynamically  change 
the  size  of  the  volume  (available  only  on  NTFS  volumes).  If  the 
volume  was  originally  created  on  a  basic  disk,  it  cannot  be 
extended.  If  the  volume  was  first  created  on  a  dynamic  disk,  it 
can  be  extended. 

B  Add  Mirror.  With  this  option,  you  can  enable 
fault  tolerance  via  mirroring  if  more  than  one 
drive  is  installed. 

B  Reactivate  Volume.  This  option  is  available  only 
if  the  volume  is  not  currendy  activated. 

B  Delete  Volume.  This  option  forces  the  loss 
of  all  data  and  the  space  becomes  unallocated. 

Within  Disk  Management,  there  are  two  frames:  the  top  frame  shows 
each  volume,  its  file  system,  status  and  capacity,  while  the  bottom  frame 
shows  each  disk-including  the  CD-ROM  and  the  volumes  on  it. 
Windows  2000  also  includes  a  disk  defragmenter-a  menu  option  that 
appeared  in  previous  versions  of  the  operating  system-but  it  could 
never  be  selected  because  no  such  utility  was  included  with  the  core 
operating  system. 

Quotas  can  be  configured  only  if  the  drive  is  NTFS.  They  allow  you  to 
configure  the  storage  limits  for  users.  By  default,  quota  management  is 
not  enabled;  it  must  be  enabled  before  any  other  options  can  be  set. 
The  check  box  labeled  Deny  Disk  Space  to  Users  Exceeding  Quota 
Limit  prevents  users  from  saving  their  files;  when  the  option  is  not 
checked,  users  merely  get  a  warning.  With  the  last  two  options,  you  can 
specify  what  happens  when  a  user  exceeds  the  limit;  the  program  can 
log  events  or  give  warnings.  (These  two  values  can  be  configured 
independendy  of  one  another). 

Network  Connections 

No  longer  just  one  of  multiple  protocols  that  you  can  choose,  TCP/IP 
is  now  the  required  protocol.  It  is  required  for  all  the  features  new  to 
Windows  2000  that  rely  upon  Active  Directory  and  other  services. 
TCP/IP  can  have  host  names  resolved  to  IP  addresses  with  the  use  of 
DNS  servers  (which  now  interact  with  WINS  servers),  and  can  have  IP 
addresses  automatically  issued  through  the  use  of  DHCP  servers.  In  the 
absence  of  DHCP  or  manual  addressing,  Windows  2000  uses 
Automatic  IP  Addressing  to  assign  hosts  addresses  in  the  169.254.x.x 
range. 

Besides  TCP/IP,  there  is  also  support  for  (but  not  default  installation 
of)  four  other  protocols: 

B  NetBEUI  -  for  older  Microsoft  clients. 

B  NWLink  -  for  communication  with  NetWare  servers. 

B  AppleTalk  -  for  Macintosh  clients. 


B  DLC  —  for  communicating  with  mainframes  and  older  network 
printers  (newer  network  printers  use  TCP/IP). 

There  are  two  protocols  to  use  for  creating  Virtual  Private  Networks 
(VPNs): 

B  PPTP  —  Point-to-Point-Tunneling  Protocol.  This  one  was  included 
with  NT  4.0  and  is  an  expansion  of  the  PPP  protocol.  This 
protocol  uses  MPPE  encryption. 

B  L2TP  —  Layer  2  Tunneling  Protocol.  New  to  Microsoft  operating 
systems,  it  is  not  new  at  all,  having  been  used  by  other  vendors 
for  years.  IPSec  is  the  encryption  it  utilizes. 

Security 

The  Encrypting  File  System  (EFS)  allows  you  to  toggle  an  attribute  for 
a  file  or  folder  just  as  you  would  any  other,  and  it  protects  the  contents. 
If  the  object  you  select  is  a  folder,  all  contents  of  the  folder-files, 
subfolders  and  so  on-also  become  encrypted.  Files  that  are  pasted  into 
an  encrypted  folder  become  encrypted  as  well,  but  files  that  are  placed 
in  the  folder  with  drag-and-drop  do  not  become  encrypted  automatically. 

In  order  to  use  EFS,  the  file  system  must  be  NTFS  and  the  files  must 
not  be  compressed.  Some  files-system  files  in  particular-cannot  be 
compressed  no  matter  what  other  conditions  exist.  If  you  move  or  copy 
an  encrypted  file  to  one  of  these  partitions,  it  automatically  becomes 
unencrypted. 

From  the  time  a  file  is  encrypted,  a  digital  code  associated  with  the  user 
(encryption  certificate)  is  assigned  to  it.  This  allows  the  encrypting  user  to 
open  and  work  with  the  file  exacdy  as  if  it  were  unencrypted,  but  prevents 
anyone  else  from  doing  so.  Because  the  file  can  only  be  opened  by  the 
encrypting  user,  this  makes  EFS  perfect  for  personal  data,  but  unusable  on 
any  data  you  want  to  share. 

You  can  use  the  Export  command  in  the  Certificates  snap-in  to  copy 
your  file  encryption  certificates  to  another  location-such  as  a  floppy 
drive.  Doing  so  will  allow  you  to  unencrypt  your  files  in  the  event  of  a 
restore  operation  being  necessary  after  a  media  failure  (at  which  time 
you  can  use  the  Import  command  to  bring  them  back  from  the  floppy). 

Group  Policies  and  the  Group  Policy  Editor  (gpedit)  are  new  and  exclusive 
to  Windows  2000.  For  Windows  NT  and  9x  clients,  you  must  still  use 
System  Policies,  which  can  be  created  with  the  System  Policy  Editor 
(poledit). 

Summary 

The  objectives  for  the  Windows  2000  Server  exam  cover  a  lot  of 
ground.  While  appearing  to  walk  through  all  the  features  of  the  oper¬ 
ating  system,  they  truly  focus  on  those  items  that  are  new.  With  a  little 
studying,  and  a  lot  of  hands-on  experience  with  the  operating  system, 
you  will  be  able  to  pass  this  exam  and  be  well  on  your  way  to  being 
certified  as  a  Windows  2000  MCSE.  B 

For  more  information  on  Part  I  of  “Dissecting  the  Windows  2000  Server 
Exam”  please  refer  to  the  9/24/01  edition  of  ComputerWorld,  InfoWorld 
and  Network  World. 


For  information  on  Advertsing  in  the  the  ITCareerssection  please  contact: 
Janis  Crowley,  650.312.0601  orjanis_crowley@itcareers.net. 

Produced  by:  Text  taken  from  the  November  2000  issue  of  CertMag's  StudyGuide, 
www.certmag.com. 
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IT  Careers  in  Web  Development 


Over  the  past  four  years,  the  primary  focus  of 
web  applications  and  development  was  on  basic 
operation  -  getting  a  site  up  and  running  and 
providing  data  and  information  to  conduct  business. 

That's  changed  somewhat  with  the  turn  of  the  century.  More  and  more, 
businesses  are  looking  for  additional  flexibility  and  power  within  their 
applications. 

David  Renaud,  executive  vice  president  of  development,  chief  technology 
officer  and  co-founder  of  Satmetrix  Systems  in  Mountain  View,  CA,  says 
his  company  has  long  been  committed  to  developing  web-enabled 
software  that  measures,  analyzes  and  allows  companies  to  improve 
customer  satisfaction  over  time.  "Satmetrix  Systems  embeds  market 
research  techniques,  best  practices  and  benchmark  information  in  its 
software  to  provide  the  most  accurate  and  timely  insight  available," 
explains  Renaud.  "Now,  we're  enhancing  the  self-administration  capabili¬ 
ties  of  our  software  so  that  web-reporting  sites  for  customers  provide 
greater  freedom  to  navigate  and  control  the  system  from  their  end." 

While  usability  is  one  facet,  Renaud  says  customers  also  are  looking  for 
additional  features  that  broaden  the  scope  and  power  of  applications. 

"Our  client  users  are  now  translating  customer  comments  from  customer 
satisfaction  surveys  into  various  languages  so  that  the  information  can  be 
presented  to  different  audiences,"  he  explains.  "For  example,  a  survey  is 


conducted  in  a  native  language,  say  French. The  company's  director  of 
customer  service  can  translate  the  comments  into  English,  using  the 
software,  and  present  the  data  to  managers  who  might  be  based  in  the 
United  States  and  use  English  as  their  first  language." 

Renaud  says  Satmetrix  Systems  has  three  functional  areas  for  IT  careers: 

1 )  overall  web  globalization  management;  2)  production  of  web  sites  using 
HTML  and  XML  skills,  Java  script,  graphics  and  multimedia;  and  3)  back¬ 
end  or  infrastructure  of  web  sites  managing  servers  and  configuration, 
hardware  and  software. 

"Know  your  strengths  and  passions  and  follow  them." 

In  today's  IT  environment,  "know  your  strengths  and  passions  and  follow 
them,"  advises  Renaud.  "There  are  many  directions  you  can  pursue  in  web 
development,  but  you  should  pursue  those  that  come  most  naturally. 

Steel  yourself  with  the  right  kind  of  ongoing  training  and  education.  At 
Satmetrix  Systems,  you  have  the  chance  to  work  alongside  clients  repre¬ 
senting  the  blue-chip  companies  of  the  world,  from  Siebel  Systems  and 
PeopleSoft  to  Cable  &  Wireless  and  Honda.  We  may  be  a  high  technology 
company,  but  what  makes  us  stand  out  is  our  people." 

For  more  job  opportunities  with  web  development  firms,  turn  to  the  pages 
of  ITcoreers. 

•  If  you'd  like  to  take  part  in  an  upcoming  ITcoreers  feature,  contact 
Jonis  Crowley,  650.312.0607  or  jonis_crowley@itcareers.net. 

•  Produced  by  Corole  R.  Hedden 

•  Designed  by  Aldebaran  Graphic  Solutions 


THE  BEST  MINDS.  THE  BEST  OPPORTUNITIES. 


JOIN  A  SYSTEMS  TEAM 

THAT  HAS  REVOLUTIONIZED 
AN  ENTIRE  INDUSTRY. 


Fidelity  Investments  maintains  the  industry's  most  advanced  technology 
infrastructure.  But  it's  our  people  who  are  our  most  important  asset.  Our 
systems  professionals  are  among  the  best  and  brightest  in  the  field. 
They  thrive  on  our  unyielding  commitment  to  technology,  creating  a 
culture  of  continuous  improvement  and  significant  achievement.  If  you'd 
like  to  be  part  of  it,  invest  in  a  systems  career  at  Fidelity  today. 


OPPORTUNITIES  AVAILABLE  IN  BOSTON  AND  MARLBOROUGH,  MA;  MERRIMACK,  NH; 
SMITHFIELD,  Rl;  NEW  YORK,  NY;  COVINGTON,  KY;  DALLAS,  TX;  AND  SALT  LAKE  CITY,  UT 


Some  of  the  Positions  Available: 

•  Web  Developers  — Job  Code:  CL1071 

•  Client/Server  Developers  —  Job  Code:  CL1072 

•  Senior/Consultant/Principal  Software  Engineers  - — Job  Code:  CL1073 

•  Lead  Software  Engineers/Project  Managers  — Job  Code:  CL1074 

•  Oracle/Sybase  Administrators/ Analysts/Developers  — Job  Code:  CL1075 

•  Analysts  -  Systems/Security/Business  — Job  Code:  CL1076 

•  SQA  Engineers  — Job  Code:  CL1077 

•  Network  Engineers — Job  Code:  CL1078 

•  Systems  Administrators  (NT  and/or  UNIX)  — Job  Code:  CL1079 

HOW  TO  RESPOND:  For  best  response,  apply  online  by  visiting  our  Web  site  at 
fidelity.com/jobs  and  creating  a  personal  profile  in  Job  Finder.  Or,  paste  your  resume 
into  an  e-mail  message,  indicating  Job  Code,  and  send  it  to:  resumes@fidelity.com. 
No  attachments,  please.  Or,  mail  your  resume  to:  Fidelity  Investments,  Resume  Central 
(Indicate  Job  Code),  82  Devonshire  Street,  Mail  Zone  H8C,  Boston,  MA  02109. 

BENEFITS:  Three-part  capital  accumulation  plan  with  401  (k)  •  Comprehensive  health/dental 
insurance  •  Emergency  backup  childcare  •  Life  insurance  program  with  investment  options 
•  Company-paid  pension  plan  •  Programs  for  working  families  •  Tuition  reimbursement 


For  additional  opportunities  nationwide,  please  visit  our  Web  site  at: 
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Opportunities  with 
ThinkSpark 

WeTe  always  looking  for  experi¬ 
enced  database  administrators, 
enterprise  application  consultants, 
developers,  designers  and  in¬ 
structors.  We  hire  self-motivated 
team  players  that  have  strong 
communication  skills,  technical 
expertise  and  leadership  potential. 

We  have  offices  in  Atlanta,  Austin, 
Boston,  Cleveland,  Dayton, 
Dallas,  Denver,  Fort  Worth, 
Houston,  Las  Vegas,  Oklahoma 
City,  Omaha,  San  Antonio  and 
Tulsa.  Relocation  and  some 
travel  may  be  required. 

Call  us  at  (888)  511-7837  or 
send  us  an  e-mail  at 
careers  @  thinkspark.com. 


Information  Technology 

Cap  Gemini  Ernst  &  Young  U.S. 
LLC  is  currently  seeking  individ¬ 
uals  to  fill  Consultant  and 
Manager  positions  in  multiple 
locations  nationwide  and  in 
California  including  the  Orange/ 
L.A.  counties  area  and  the 
San  Francisco  Bay  area.  Please 
send  resumes  to:  dept50619 
©cgeycareers.com. 


Call  your 

ITcareers  Sales  Representative 
or  Jams  Crowley. 
1-800-762-2977 
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With  a  deep  line-up  of  print,  web  and  event- 
driven  products,  IDG  Recruitment  Solutions 
can  deliver  solid  results  with  record  speed. 


This  is  the  way  to  integrate  your  recruitment 
efforts  moving  your  message  to  your  target 
audience  across  several  platforms-with 
maximum  efficiency  and  effect. 


IDG  Recruitment  Solutions  is  as  close  as  you 
keyboard,  as  fast  as  your  modem,  as  easy  as 
picking  up  the  phone. 


For  more  information  or  to  place  an  ad,  contact 
Janis  Crowley  at  650-3  1 2~0607s  or  email  at 
Crowley@itcareers.net.  — 


Janis 


Recruitment  Solutions 
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Java  Spec 

form  of  remote  calls  to  Web- 
based  applications  that  use 
HTTP  and  XML,  Mizzi  said. 
Mizzi’s  team  built  the  applica¬ 
tion  with  JBuilder  Java  devel¬ 
opment  tools  from  Scotts  Val¬ 
ley,  Calif.-based  Borland  Soft¬ 
ware  Corp.,  he  said,  rather  than 
using  a  J2EE-based  application 
server  that  didn’t  adequately 
support  Web  services. 

J2EE  1.3  is  “an  interim  step 
in  making  the  Java  platform 
more  loosely  coupled  and 
standards-oriented,”  said  Dar¬ 
ryl  Plummer,  an  analyst  at 
Gartner  Inc.  in  Stamford, 
Conn.  “The  1.4  specification 
will  add  more  capabilities  that 
are  in  the  [Java  Community 
Process]  right  now.” 

SOAP  Lacks  Support 

Inadequate  support  for  Sim¬ 
ple  Object  Access  Protocol 
(SOAP),  a  standard  for  swap¬ 
ping  XML-based  Web  services 
among  disparate  systems,  is 
another  J2EE  shortcoming, 
said  Randy  Heffner,  an  analyst 
at  Cambridge,  Mass.-based 
Giga  Information  Group  Inc. 

“There  is  no  standard  mech¬ 
anism  for  SOAP  within  the 
J2EE  1.3  environment,”  Heffner 
said.  As  a  result,  portability  be¬ 
tween  applications  written 
with  different  J2EE-compatible 
application  servers  is  hindered. 

“There’s  not  anything  in  the 
1.3  specification  that  supports 
SOAP  directly,”  said  Ralph  Gal¬ 
antine,  a  J2EE  product  line 
manager  at  Sun.  Galantine  said 
the  Java  Community  Process 
executive  committee,  the  gov¬ 
erning  body  for  J2EE,  would 
address  Web  services  func¬ 
tionality  in  Version  1.4.  Com¬ 
pany  officials  aren’t  sure  when 
Version  1.4  will  be  released. 

Plummer  noted  that  rather 
than  wait  for  SOAP  and  Web 
service  features  to  get  formal¬ 
ized  in  J2EE,  some  licensees, 
such  as  IBM  and  San  Jose-based 
BEA  Systems  Inc.,  have  added 
that  support  on  their  own. 


The  J2EE  1.3  specification 
includes  a  new  Java  connector 
architecture,  a  Java  Message 
Service  (JMS)  and  XML  inte¬ 
gration  support,  as  well  as  im¬ 
proved  Enterprise  JavaBeans 
(EJB)  2.0.  These  features  are 
aimed  at  simplifying  applica¬ 
tion  integration  and  pulling 
data  from  back-end  systems, 
such  as  enterprise  resource 
planning  or  customer  relation¬ 
ship  management  systems, 
Galantine  said. 

The  new  specification  also 
addresses  problems  with  EJBs 
and  their  ability  to  port  data 
between  application  servers, 
he  said.  It  requires  application 
vendors  to  support  JMS  and 
the  same  version  of  Internet 
Inter-ORB  Protocol  in  order  to 
pass  compatibility  testing. 

Requiring  JMS  is  important, 
said  Heffner,  because  without 
it,  there  is  no  guarantee  that 
applications  can  “talk”  to  one 
another. 

Joe  Choti,  chief  technology 
officer  at  New  York-based  Ma¬ 
jor  League  Baseball  Advanced 
Media  LP,  said  he  believes  that 
JMS  support  should  make  in¬ 
formation  transfers  easier 
within  the  Java  application  en¬ 
vironment,  but  he  added  that 
he  would  like  to  see  more. 

In  particular,  MLB  Advanced 
Media  has  difficulty  retaining 
user  information  on  its  Web 
properties  when  an  EJB  server 
crashes  due  to  problems  with 
the  structure  of  persistent  ses¬ 
sion  beans,  which  are  EJBs  that 
get  saved  and  stored  in  client 
sessions,  Choti  said. 

MLB  Advanced  Media  uses 
application  servers  and  tools 
from  iPlanet  E-Commerce  So¬ 
lutions,  a  Sun-Netscape  Al¬ 
liance  partner. 

“We’re  still  struggling  to  ex¬ 
ploit  the  functionality  that  is 
proclaimed  to  be  in  the  stan¬ 
dard  that  just  isn’t  working  for 
us,  like  replication,  clustering 
and  fail-over,”  Choti  said.  I 

For  more,  go  to  our 
Application/Web 
Development 
Knowledge  Center. 
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Online  Attacks 

ing  of  two  powerful  trends  into 
one  major  problem.  Without 
changes  by  vendors  and  end 
users  in  the  design  and  deploy¬ 
ment  of  systems,  there  could 
be  economic  consequences, 
warned  security  experts. 

“Today’s  commercial  off- 
the-shelf  technology  is  riddled 
with  holes,”  said  Richard 
Pethia,  director  of  the  CERT 
Coordination  Center  at  Carne¬ 
gie  Mellon  University  in  Pitts¬ 
burgh.  “The  sheer  number  of 
vulnerabilities  is  overwhelm¬ 
ing  organizations.” 

Pethia,  testifying  last  week 
before  a  U.S.  House  subcom¬ 
mittee  examining  Internet  se¬ 
curity,  said  reactive  solutions, 
such  as  applying  patches,  “are 
reaching  the  limit  of  their 
effectiveness.” 

Software  design  vulnerabili¬ 
ties  have  been  consistently  ris¬ 
ing  because  of  difficulties  in 
configuring  operating  systems 
and  applications  and  because 
vendors  make  security  a  low 
priority,  said  Pethia.  CERT  re¬ 
ported  400  vulnerabilities  in 
1999  and  1,090  last  year,  and  it 
expects  the  number  to  hit 
2,000  this  year.  Compounding 
the  problem  are  fears  that  In¬ 
ternet-related  terrorist  inci¬ 
dents  will  increase. 

“I  believe  the  threat  is  even 
greater  today  than  it  was  be¬ 
fore  Sept.  11,”  said  Michael 
Vatis,  a  former  assistant  direc¬ 
tor  for  the  FBI  and  former  head 
of  the  National  Infrastructure 
Protection  Center  (NIPC),  the 
government’s  lead  agency  on 
cybercrime  issues. 

Vatis,  now  head  of  the  Insti¬ 
tute  for  Security  Technology 
Studies  at  Dartmouth  College 
in  Hanover,  N.H.,  based  his 
prediction  on  a  study  of  cyber¬ 
attacks  during  prior  conflicts, 
such  as  the  capture  of  a  U.S. 
spy  plane  by  China  in  April. 

“The  possibility  is  there  to 
take  down  significant  portions 
of  the  Internet  and  the  critical 


In  preparing  for  Y2k,  the  White 
House  appointed  a  czar  to  organize 
critical  industries  to  combat  the 
problem.  Business  and  government 
worked  closely  together  across 
sectors  and  established  a  command 
center  for  information  to  help  U.S. 
businesses  deal  with  the  problem.  A 
few  months  into  2000,  it  was  dis¬ 
mantled. 

Now  a  push  is  on  to  put  it  back 
together.  Michael  Gent,  president  of 
the  North  American  Electric  Relia¬ 
bility  Council  in  Princeton,  N.J.,  has 
been  meeting  with  other  utility 
CEOs  to  test  interest,  said  spokes¬ 
woman  Ellen  Vancko. 

Harris  Miller,  head  of  the  Infor¬ 
mation  Technology  Association  of 
America,  said  the  Y2k  network 
should  have  never  been  shut  down. 

“That  was  a  decision  made  by 
the  outgoing  administration  over 


infrastructures  that  rely  on  the 
Internet,”  he  warned  in  testi¬ 
mony  he  gave  last  week  before 
the  House  Subcommittee  on 
Government  Efficiency,  Finan¬ 
cial  Management  and  Inter¬ 
governmental  Relations. 

Pethia  underscored  the 
point.  While  much  of  the  Inter¬ 
net  is  very  robust,  he  said, 
“there  are  those  few  key  points 
like  domain-name  servers  that 
don’t  have  enough  redundancy 
or  ability  to  quickly  recover 
from  attack.  If  we  focused  in 
on  those  key  points,  we  can 
make  a  lot  of  progress  in  a 
short  period  of  time.” 

Vatis  and  Pethia  said  software 
vendors  have  to  make  security 
paramount.  End  users  agree. 

The  problem  is  that  security 
isn’t  a  driving  factor  for  soft¬ 
ware  firms  in  marketing  their 
products  or  for  end  users  in 
choosing  them,  said  Eric 
Brock,  information  security 
manager  at  Dallas-based  cos¬ 
metics  company  Mary  Kay  Inc. 

“Security  professionals  need 
to  do  a  better  job  of  communi¬ 
cating  risks  to  business  deci¬ 
sion-makers,”  said  Brock.  If  se¬ 
curity  becomes  a  bigger  part  of 
software  buying  decisions, 


our  strong  objections,”  he  said. 

John  Koskinen,  Washington’s 
city  administrator  and  former  head 
of  the  White  House  Y2k  effort,  said 
that  unlike  the  year  2000  problem, 
today’s  threat  to  IT  is  undefined,  the 
response  is  difficult,  and  there  is  no 
known  time  frame. 

“Nonetheless,  I  don't  think  there 
is  any  way  to  deal  with  determining 
the  nature  of  the  threat,  protecting 
against  it  and  having  appropriate 
mechanisms  in  place  without  an 
effective  renewal  of  those  partner¬ 
ships  or  networks  across  the  econ¬ 
omy,”  he  said. 

Koskinen  believes  it  will  be  up  to 
the  White  House,  but  particularly 
the  new  head  of  the  Office  of 
Homeland  Security,  Pennsylvania 
Gov.  Tom  Ridge,  to  decide  whether 
to  reform  the  network. 

-  Patrick  Thibodeau 


vendors  will  have  to  pay  closer 
attention  to  it,  he  said. 

Harris  Miller,  president  of 
the  Information  Technology  of 
America  in  Arlington,  Va.,  who 
also  testified  at  the  hearing  last 
week,  said  it  would  be  inaccu¬ 
rate  to  say  the  Internet  is  vul¬ 
nerable.  “There  are  obvious 
physical  risks,”  he  said.  But 
while  no  design  is  perfect,  soft¬ 
ware  makers  are  trying  to  build 
systems  with  the  highest  secu¬ 
rity  settings,  he  said. 

However,  end-user  compa¬ 
nies  don’t  always  take  advan¬ 
tage  of  those  security  features 
and  sometimes  turn  them  off, 
he  said. 

Wilfred  Camilleri,  informa¬ 
tion  security  manager  at  the 
University  of  Toronto,  said  end 
users  are  having  a  tough  time 
staying  abreast  of  patches. 

“The  problem  that  we  are 
encountering  most  often  is 
that  people  are  not  aware  that 
patches  are  available,”  he  said. 

Ronald  Dick,  chief  of  the 
NIPC,  said  that  about  80%  of 
the  issues  his  agency  tackles 
could  have  been  avoided  if  sys¬ 
tems  administrators  “would 
just  download  a  patch  and  re¬ 
pair  their  systems.”  ► 
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FRANK  HAYES/FRANKLY  SPEAKING 

Time  to  Retool  IIS 


Fair  is  fair.  I’ve  kicked  Gartner  analysts  for  some  dumb 
ideas  over  the  years,  so  it’s  only  fair  to  recognize  one  of 
them  for  getting  it  right.  And  last  week,  Gartner’s  John 
Pescatore  made  what’s  probably  the  gutsiest  call  you’ll 
hear  from  any  analyst  this  year.  Pescatore  recommended 
that  IT  shops  using  Microsoft’s  Internet  Information  Server  (IIS) 
should  “immediately  investigate  alternatives  to  IIS”  because  of  its 
security  problems  (see  story,  page  10). 

Gutsy?  You  bet.  Gartner’s  customers  don’t  have  a  lot  of  spare 
money  to  replace  key  systems  right  now.  And  they  don’t  want  to 


look  bad  for  having  picked  a  lousy  system.  So 
the  advice  that  big  IT  shops  should  dump  a  ma¬ 
jor  Microsoft  product  is  likely  to  go  down  like  a 
live  frog. 

Microsoft  insists  that  IIS  is  no  worse  than 
its  competitors’  products.  Loyal  customers  in¬ 
sist  they  want  their  IIS.  Other  consulting  firms 
are  making  kissing  noises  in  the  direction  of 
Redmond. 

But  Pescatore  is  right.  IIS  is  broken,  and  the 
endless  stream  of  patches  isn’t  enough.  IIS 
should  be  rewritten  from  the  ground  up,  with 
the  kind  of  attention  to  security  and  software 
quality  that  we  need  from  serious  IT  infrastruc¬ 
ture  products. 

And  Microsoft  won’t  do  that  until  IT  shops 
stop  accepting  Microsoft’s  excuses  and  justifi¬ 
cations. 

If  those  excuses  and  promises  were  just  a 
smoke  screen  for  a  furious  effort  on  Microsoft’s 
part  to  roll  out  a  secure  IIS,  it  wouldn’t  be  nec¬ 
essary  to  call  for  pulling  the  plug. 

But  unfortunately,  that’s  not  the  case.  Micro¬ 
soft’s  focus  is  on  fighting  off  complaints  about 
and  competitors  to  .Net  and  Passport  and  Hail- 
Storm.  Security  and  code  quality  are  getting 
short  shrift. 

If  this  were  any  other  industry, 
there  would  be  government  investi¬ 
gations  and  class-action  lawsuits.  If 
Microsoft  made  faulty  automobiles, 
the  company  wouldn’t  get  away 
with  sending  every  customer  hun¬ 
dreds  of  parts  to  retrofit  and  then 
insisting  it  was  the  customer’s  fault 
in  case  of  a  crash. 

But  this  is  the  IT  business,  where 
we’ve  put  up  with  decades  of 
shrink-wrap  licenses  and  nobody’s- 
perfect  shrugs  from  software  ven¬ 
dors.  The  law  says  Microsoft  does¬ 


n’t  have  to  care  whether  its  products  work.  The 
only  people  who  can  make  Microsoft  care  are 
the  people  who  cut  the  purchase  orders. 

Which  means  it’s  time  for  IT  shops  to  com¬ 
pare  what  replacing  IIS  will  cost  —  in  price, 
functionality,  code  rebuilding  and  staff  retrain¬ 
ing  —  with  the  cost  and  risk  of  all  those  patches 
and  all  those  worm  attacks. 

It’s  time  for  corporate  IT  managers  and  CIOs 
to  look  at  hard  numbers  on  those  costs  and 
risks  and  to  take  those  numbers  seriously  — 
especially  when  it’s  time  to  make  decisions  on 
new  Internet  applications  and  upgraded  server 
software. 

Maybe  most  important,  it’s  time  for  Microsoft 
to  respond.  Not  with  more  “We’re  no  worse 
than  anyone  else”  excuses.  Not  with  a  public  re¬ 
lations  campaign,  or  a  hard  sell  aimed  at  cus¬ 
tomers.  But  with  a  plan  —  a  plan  to  create  an  in¬ 
dustrial-strength  Internet  server  that  doesn’t 
ship  with  gaping  security  holes,  doesn’t  require 
constant  patching  and  doesn’t  hand  every  anti¬ 
social  teenage  cracker  a  tool  for  creating  chaos. 

Can  Microsoft  build  a  secure  IIS?  Sure.  Mi¬ 
crosoft  has  some  of  the  smartest  programmers 
in  the  world.  It  has  the  resources  to  hire  what¬ 
ever  talent  and  skills  it  doesn’t  al¬ 
ready  have.  All  Microsoft  lacks  is 
the  will  to  do  what  needs  to  be 
done. 

We  all  know  the  man  who  can 
provide  that  will.  His  title  says 
he’s  in  charge  of  software  at  Micro¬ 
soft.  The  stock  he  owns  says  he  calls 
the  shots. 

So  over  the  coming  weeks  and 
months,  while  you’re  looking  hard 
at  alternatives  to  IIS,  keep  an  eye  on 
the  man  who  should  have  a  plan. 

And  maybe  we’ll  find  out  if  Bill 
Gates  is  as  gutsy  as  John  Pescatore.  I 
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SALES  VP  spends  all  day  typ¬ 
ing  up  a  forecast,  prints  it,  then 
closes  the  document  without 
saving  it.  His  frantic  aide  races  to 
an  IT  pilot  fish  for  help.  "She  be¬ 
lieves  that  I  can  find  the  docu¬ 
ment  if  it's  been  less  than  an 
hour  since  it  was  closed  without 
saving,"  says  fish.  It  doesn’t 
work  that  way,  says  fish,  but  aide 
doesn’t  want  to  believe  it:  “Isn’t 
there  some  place  it  just  goes  for 
an  hour?" 

USER  STICKS  his  head  into  IT 
pilot  fish’s  office  to  complain  that 
the  water  cooler  in  the  confer¬ 
ence  room  isn’t  getting  the  water 
cold  enough.  Suggests  straight- 
faced  IT  pilot  fish,  “Have  you 
tried  rebooting  it?” 

IT  SHOP’S  HARDWARE  guys 
don’t  like  how  hard  it  is  to  re¬ 
move  the  cover  from  one  server 
they’re  evaluating,  so  they  give  it 
a  thumbs  down.  That’s  unfair,  re¬ 
seller  tells  pilot  fish:  “The  hard¬ 
ware  is  extremely  reliable  and 
hardly  ever  has  to  be  opened  for 
repairs.” 


he  can’t  get  the  software  to  run. 
Finally,  he  offers  to  return  the  PC 
to  its  pre-update  state.  “That’s 
OK,”  user  says.  “It  never  worked 
on  this  machine  anyway.”  Why 
didn’t  you  tell  me  that?  fish  de¬ 
mands.  “Oh,  I  figured  you’d  know 
how  to  make  it  work.” 

BOSS’S  PC  won’t  start,  so  sup¬ 
port  pilot  fish  starts  walking  him 
through  the  usual  troubleshoot¬ 
ing  procedure.  After  several 
steps,  boss  interrupts:  “Do  you 
think  all  the  ants  coming  out  of 
the  surge  protector  could  have 
anything  to  do  with  it?" 

MY  PC  HAS  fallen  asleep,  user 
insists.  “Do  you  mean  the  screen 
is  blank?”  asks  pilot  fish.  No,  it’s 
asleep.  “How  do  you  know  it’s 
asleep?”  Because  it’s  snoring, 
user  says.  Sure  enough,  there’s  a 
stream  of  Zs  running  across  the 
screen,  fish  sees  when  he  ar¬ 
rives.  There's  also  a  notebook 
sitting  on  the  Z  key,  fish  notices. 
He  surreptitiously  nudges  the 
notebook  off  the  keyboard  -  and 
shouts,  “Wake  up!” 


FIVE  MINUTES  AFTER  his 

PC’s  operating  system  upgrade 
is  complete,  user  tells  IT  pilot 
fish,  “I  have  one  program  that’s 
not  working.”  Fish  tries  every 
trick  he  knows  for  two  hours,  but 


Wake  me  up,  too:  sharky® 
computerworld.com.  You 
score  a  sharp  Shark  shirt  if  your 
true  tale  of  IT  life  sees  print  -  or 
if  it  shows  up  in  the  daily  feed  at 
computerworld.  com/sharky. 


The  5th  Wave 


'  ok,  I  think  1  foigot  -to  mention  this,  but  we  now  have 
a  "Web  man^ement  function  that  automatically  alerts 
vs  when  there’s  a  btoten  link  on  The  Ajuarium's 
Website." 


©Rich  Tennant,  www.the5thwave.com 


Mfghive 


Introducing  Active  Archive  Solutions:  The  intelligent  way  to  optimize  database  performance. 

Active  archiving  is  a  breakthrough  way  to  relieve  the  pain  of  overloaded  databases,  sluggish 
application  performance  and  endless  hardware  upgrades.  Database  size  is  dramatically  reduced 
by  systematically  setting  aside  infrequently  used  data.  However,  the  data  is  always  kept  close  at 
hand  for  easy  access.  Best  of  all,  you  save  money  by  optimizing  the  hardware  you  already 
have.  Get  smarter.  Call  800-457-7060  or  visit  www.storesmarter.com. 

e  2001  Princeton  Soflecti  Inc.  All  nflhts  reserved. 
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INTEGRATION: 

A  HERCULEAN  TASK. 


Reshaping  IT  infrastructures  can  be  difficult  for  mere  mortals. 


How’s  this  for  a  challenge?  Take  an  e-business  infra¬ 
structure  teeming  with  disparate  networks,  platforms, 
standards  and  applications,  and  make  them  all  work  as  one. 
Across  all  business  units.  With  suppliers,  partners  and 
customers.  Yep,  integration  is  one  colossal  test  of  strength. 

So  how  do  you  tackle  it?  You  can  start  by  ordering  our 
Software  Evaluation  Kit  for  Linux?  (It’s  yours  free  by 
simply  registering  by  phone  or  online.)  In  it  you’ll  find  an 
overview  of  e-business  integration,  along  with  perspec¬ 
tives  and  strategies  for  tough  integration  challenges.  You’ll 
also  get  free  trial  code  for  IBM  software  such  as  DB2? 
WebSphere?  Lotus®  and  Java"  Tools.  It’s  the  perfect 
integration  software  primer.  And  best  of  all,  everything 
in  it  also  speaks  Linux. 


As  the  fastest  growing  and  most  accessible  operating 
system,  Linux  is  an  ideal  platform  for  the  integrated 
environment.  For  small  business  or  corporate  behemoth. 
It’s  open,  scalable  and  hardware-agnostic. 

That’s  why  IBM  offers  the  industry’s  richest 
selection  of  code  for  Linux.  And  then  backs  it  with  IBM 
service,  support  and  consulting.  That  means  an  army  of 
integration  experts  proficient  in  everything  from 
designing  to  deploying  to  maintaining 
truly  open  and  interoperable  systems.  ^ 

To  see  how  you  can  take  on  an  inte-  1 
gration  project,  with  little  to  no  chance  of 
a  hernia,  visit  our  Web  site  or  call  today  for 
your  free  Software  Evaluation  Kit  for  Linux 


CLICK  OR  CALL  FOR  A  FREE  IBM  SOFTWARE  EVALUATION  KIT  FOR  LINUX. 


(g°  ibm.com/e-business/soready/p4  Q  1  800  426  7080,  ask  for  Open 


*  LEG  At.  NOTE-  IBM,  Lotus,  the  e-business  logo  and  other  marks  designated "  or  “are  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other 
countries.  Java  and  all  Java-based  trademarks  are  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States,  other  countries,  or  both.  Other  company,  product  and  service  names  may 
be  trademarks  or  service  marks  of  others.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  ©  2001  IBM  Corporation.  All  rights  reserved.  Limit  one  kit  per  respondent.  Respondents  will 
be  required  to  complete  a  registration  form  in  order  to  participate  in  this  offer.  Offer  ends  12.31.01.  Offer  available  only  in  U.S. 


